Dynatrace Documentation: ingest-from/amazon-web-services¶
Generated: 2026-02-18
Files combined: 72
Source: aws-marketplace.md¶
title: AWS Marketplace private offer source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/aws-platform/aws-marketplace scraped: 2026-02-18T05:58:59.702823
AWS Marketplace private offer¶
AWS Marketplace private offer¶
- How-to guide
- 3-min read
- Published May 26, 2025
The Dynatrace Platform Service can be licensed via the AWS Marketplace according to a private offer.
This page describes how to link your private offer with a Dynatrace environment. You can either link an existing Dynatrace environment that was created with AWS, or create and link a new environment.
If you do not yet have a private offer, reach out to Dynatrace sales at sales@dynatrace.com.
Key terms¶
Private offer : A customer-specific license proposal that has been prepared by Dynatrace. It includes a custom rate card with the agreed-upon capabilities and prices.
Public cloud service : Computing services offered by a third-party provider. Dynatrace can be licensed via a public cloud service.
Dynatrace environment
: A Dynatrace environment is where all your Dynatrace performance analysis takes place. Environments have a unique identifier in the format abc12345.
Prerequisites¶
- You already have a customized private offer for Dynatrace in the AWS Marketplace.
- If you are linking an existing Dynatrace account, your Dynatrace user needs to have the View and manage account billing information permissions for that account.
Steps¶
Follow the steps below to link your private offer to a Dynatrace account.
Link an existing Dynatrace account
Create a new Dynatrace account to link
If you already have an existing Dynatrace account and environment on AWS, follow the steps below to link the account to your AWS Marketplace private offer. This can be either a trial or production environment, as long as it is in an active state.
- In AWS Marketplace, open your Dynatrace private offer.
- Accept your Dynatrace private offer.
- Select Set up your account.
- On the Welcome to your new Dynatrace Platform Subscription page, select Link existing account.
-
Sign in as the Dynatrace user that is assigned to the account you want to link.
-
Enter the email address, then select Next.
- Enter the account password, then select Next.
-
Depending on how many accounts the user is assigned to, do one of the following:
-
One account: The account is recognized automatically and you can continue to the next step.
- Multiple accounts: In the Account to link drop-down menu, select the specific account that you want to link this private offer to. Then, continue to the next step.
-
More than 20 accounts: In the Account UUID field, specify the Account UUID from the account that you want to link this private offer to. Then, continue to the next step.
To get your Account UUID, go to Account Management and copy the UUID from the URL of the address field of your browser. 7. Once you've signed in with the chosen account, your account information is displayed in User details, Account details, and Environments. This is the account that will be linked to your private offer, so verify the details are correct. 8. Select the check box next to I agree to link this Dynatrace account with my marketplace subscription., then select Next.
This step cannot be undone.
When the Congratulations! window appears, your private offer is now linked to the chosen Dynatrace account.
Your subscription information in Account Management will reflect the fully-credited new license within three days. In the meantime, you can start using your Dynatrace environment according to the account's existing license (if you linked an existing account) or with a trial license (if you created a new account).
Select Open Dynatrace to start using Dynatrace and Set up Dynatrace on Amazon Web Services.
If you don't yet have a Dynatrace account, follow the steps below to create an account and link it to your AWS Marketplace private offer.
- In AWS Marketplace, open your Dynatrace private offer.
- Accept your Dynatrace private offer.
- Select Set up your account.
- On the Welcome to your new Dynatrace Platform Subscription page, select Create a new account.
-
Enter the required information as described on the page:
-
User details
- Account details
- Environment details
- Select Create account.
A You're almost done! window appears. Dynatrace creates a new account and environment according to the information that you have entered. This step may take up to 5 minutes to complete.
When the account is successfully created, a Congratulations! window appears. Your private offer is now linked to the Dynatrace account that you just created.
Your subscription information in Account Management will reflect the fully-credited new license within three days. In the meantime, you can start using your Dynatrace environment according to the account's existing license (if you linked an existing account) or with a trial license (if you created a new account).
Select Open Dynatrace to start using Dynatrace and Set up Dynatrace on Amazon Web Services.
Related topics¶
Source: set-up-cors-in-amazon-s3.md¶
title: Set up CORS on Amazon S3 source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/aws-platform/set-up-cors-in-amazon-s3 scraped: 2026-02-17T04:51:25.276977
Set up CORS on Amazon S3¶
Set up CORS on Amazon S3¶
- How-to guide
- 3-min read
- Published Jul 19, 2017
Use these guidelines to set up CORS (cross-origin HTTP requests) in AWS for buckets within Amazon S3 (Simple Storage Service). To learn more about CORS and how it works, see HTTP access control (CORS).
Introduction¶
Modern web browsers don't provide access to error information in window.onerror for scripts that are loaded across domains. This is a severe restriction that limits the usefulness of the Dynatrace JavaScript error-detection engine.
Without CORS, instead of providing error details and a stacktrace when an uncaught JavaScript error is thrown, a message such as the follow appears:
"Script error" is usually reported when an exception violates the browsers same-origin-policy i.e. when the error occurs in a script that is hosted on a domain other than the domain of the current page.
If the script is received with the CORS HTTP headers set, it's possible to get the full error details for most browsers by adding the attribute crossorigin="anonymous" to the script tag. Unfortunately Internet Explorer 11 and Edge don't currently support the crossorigin attribute. Care is also required to only set the crossorigin attribute for scripts with CORS headers present as otherwise the script will not be executed anymore.
In order to gain full visibility into thrown JavaScript errors, CORS HTTP headers must be set on the cross-domain servers and the crossorigin attribute must be applied to the script tag. Before performing this step, you must configure Amazon S3.
Configure Amazon S3¶
The first step is to input CORS settings for your resources on S3. This is done at the bucket level. Unfortunately, it's not possible to input CORS settings for individual resources within buckets.
- Open the Amazon S3 console.
- Select the bucket that contains your resources.
- Select Permissions.
- Scroll down to Cross-origin resource sharing (CORS) and select Edit.
- Insert the CORS configuration in JSON format.
Example JSON:
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"GET",
"HEAD"
],
"AllowedOrigins": [
"*"
],
"ExposeHeaders": []
}
]
See Creating a cross-origin resource sharing (CORS) configuration for details. 6. Select Save changes to save your configuration.
Configure CloudFront¶
With Amazon S3 configured, it's now time to enable CORS headers in CloudFront. Otherwise the headers will be filtered out and this mechanism won't work.
- Open the CloudFront console. You should see a window similar to that shown below. Find your distribution in the list and click its ID link. If necessary, use the search field (highlighted below in red) to search for your distribution.
2. Now you should see your distribution. Click the Behaviors tab. Find the behavior entry for your resource, described in the Path Pattern column. Select the pattern and click Edit. If the behavior entry doesn't exist, you must create it.
3. Now we can edit the behavior settings. All CORS-relevant elements are highlighted in red below. First you must choose which HTTP method will be available for this behavior. For Allowed HTTP Methods, we recommend that you select the second or third option and select the OPTIONS check box, otherwise you won't be able to use CORS for REST calls, which use preflighted requests.
4. From the Forward Headers list, select Allowlist. You should then see the Allowlist headers menu. Select a particular header from the left listbox and click Add. If you don't see a particular header you can input it into Filter headers⦠textbox and click Add custom. For CORS, the most important headers are Origin and Access-Control-Allow-Origin. Other headers are optional and dependent on what you want to achieve.
5. Confirm your changes by clicking Yes, Edit.

Source: aws-connection-app-settings.md¶
title: Create an AWS connection via Settings source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/create-an-aws-connection/aws-connection-app-settings scraped: 2026-02-18T05:36:27.930739
Create an AWS connection via Settings¶
Create an AWS connection via Settings¶
- Latest Dynatrace
- How-to guide
- Updated on Jan 09, 2026
Onboard your AWS account in few steps that will generate a deployable CloudFormation template.
The CloudFormation stack will deploy core mandatory resources inside your AWS account (Dynatrace IAM monitoring role, AWS secrets, Dynatrace API integration Lambda function).
After a successful deployment, a connection from Dynatrace to your AWS account will be created. Dynatrace will then perform API calls to your AWS account to poll and push telemetry into your Dynatrace environment.
The new integration does not deploy or use ActiveGate compute resources inside your AWS account to poll or push telemetry.
The experience is transparent and fully managed by Dynatrace.
Overview¶
General recommendations¶
We highly discourage onboarding AWS accounts that are actively monitored by our classic AWS integration. Onboarding such accounts might increase the likelihood of AWS APIs throttling, potentially resulting in service interruptions.
Limitations¶
- GovCloud and China partitions are not supported.
- Dynatrace is designed to support large and complex AWS environments. By default, a Dynatrace environment can accommodate up to 3,000 AWS connections (each connection representing a single AWS account).
This is a soft limit. If you plan to exceed this (per Dynatrace environment) we kindly ask you to open a support request so we can proactively increase this limit, ensuring a smooth experience.
- AWS does not support EventBridge API destinations in all Regions. Therefore, event ingest is not available in Regions that don't support it. See EventBridge feature availability for details.
Prerequisites¶
Only a Dynatrace account administrator and an AWS administrator can successfully complete the initial prerequisites.
1. Create AWS IAM baseline¶
Actions in this section can and (should) only be performed by an AWS administrator.
All necessary AWS permissions must be granted to successfully deploy the CloudFormation stacks and associated AWS resources.
In environments where full duty separation is practiced, we recommend that the Dynatrace administrator shares the templates with the platform team/AWS administrators.
Core CFN templates¶
Conditional CFN templates (deployed based on user opt-in during onboarding)¶
AWS IAM permission policy for deploying the CloudFormation stacks¶
Make sure that an AWS user, or a role, used for the CloudFormation stacks deployment is granted with the following (minimum) permission policies.
To allow the least privilegeârestricting users creating the AWS connections that follow a specific naming pattern, use the value for <Deployment-Stack-Name-Prefix>. This ensures that any connection created must adhere to this exact naming convention.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "cloudformation0",
"Effect": "Allow",
"Action": [
"cloudformation:CreateStack",
"cloudformation:DescribeStacks",
"cloudformation:UpdateStack",
"cloudformation:ListStacks",
"cloudformation:DescribeStackResources",
"cloudformation:DeleteStack",
"cloudformation:CreateChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:CreateStackInstances",
"cloudformation:ListStackInstances",
"cloudformation:DescribeStackInstance",
"cloudformation:DeleteStackInstances",
"cloudformation:CreateStackSet",
"cloudformation:UpdateStackSet",
"cloudformation:DescribeStackSet",
"cloudformation:DescribeStackSetOperation",
"cloudformation:ListStackSetOperationResults",
"cloudformation:DeleteStackSet",
"cloudformation:TagResource",
"cloudformation:UntagResource"
],
"Resource": [
"arn:aws:cloudformation:*:<AWS-Account-ID>:stackset-target/*",
"arn:aws:cloudformation:<Deployment-Region>:<AWS-Account-ID>:stackset/Dynatrace*:*",
"arn:aws:cloudformation:<Deployment-Region>:<AWS-Account-ID>:stack/<Deployment-Stack-Name-Prefix>*/*",
"arn:aws:cloudformation:*:<AWS-Account-ID>:stack/StackSet-Dynatrace*/*",
"arn:aws:cloudformation:*:<AWS-Account-ID>:type/resource/*"
]
},
{
"Sid": "cloudformation1",
"Effect": "Allow",
"Action": [
"cloudformation:GetTemplate",
"cloudformation:ValidateTemplate",
"cloudformation:GetTemplateSummary"
],
"Resource": [
"*"
]
},
{
"Sid": "lambda",
"Effect": "Allow",
"Action": [
"lambda:CreateFunction",
"lambda:UpdateFunctionCode",
"lambda:UpdateFunctionConfiguration",
"lambda:GetFunction",
"lambda:InvokeFunction",
"lambda:DeleteFunction",
"lambda:TagResource",
"lambda:UntagResource"
],
"Resource": [
"arn:aws:lambda:<Deployment-Region>:<AWS-Account-ID>:function:DynatraceApiClientFunction*"
]
},
{
"Sid": "iam",
"Effect": "Allow",
"Action": [
"iam:CreatePolicy",
"iam:CreatePolicyVersion",
"iam:DeletePolicyVersion",
"iam:DeletePolicy",
"iam:CreateRole",
"iam:UpdateRole",
"iam:DeleteRole",
"iam:PassRole",
"iam:AttachRolePolicy",
"iam:PutRolePolicy",
"iam:DetachRolePolicy",
"iam:GetRole",
"iam:GetPolicy",
"iam:ListPolicyVersions",
"iam:TagPolicy",
"iam:TagRole",
"iam:UntagPolicy",
"iam:UntagRole",
"iam:GetRolePolicy",
"iam:UpdateAssumeRolePolicy",
"iam:DeleteRolePolicy"
],
"Resource": [
"arn:aws:iam::<AWS-Account-ID>:policy/<Deployment-Stack-Name-Prefix>*",
"arn:aws:iam::<AWS-Account-ID>:role/<Deployment-Stack-Name-Prefix>*",
"arn:aws:iam::<AWS-Account-ID>:role/Dynatrace*",
"arn:aws:iam::<AWS-Account-ID>:policy/Dynatrace*"
]
},
{
"Sid": "s3",
"Effect": "Allow",
"Action": [
"s3:GetObject",
"s3:CreateBucket",
"s3:DeleteBucket",
"s3:PutLifecycleConfiguration",
"s3:PutBucketTagging"
],
"Resource": [
"arn:aws:s3:::dynatrace*"
]
},
{
"Sid": "secretsmanager",
"Effect": "Allow",
"Action": [
"secretsmanager:CreateSecret",
"secretsmanager:DescribeSecret",
"secretsmanager:UpdateSecret",
"secretsmanager:GetSecretValue",
"secretsmanager:PutSecretValue",
"secretsmanager:TagResource",
"secretsmanager:DeleteSecret",
"secretsmanager:PutResourcePolicy",
"secretsmanager:DeleteResourcePolicy"
],
"Resource": [
"arn:aws:secretsmanager:<Deployment-Region>:<AWS-Account-ID>:secret:DynatraceAPIAccessToken*",
"arn:aws:secretsmanager:<Deployment-Region>:<AWS-Account-ID>:secret:DynatraceAPIPlatformToken*",
"arn:aws:secretsmanager:<Deployment-Region>:<AWS-Account-ID>:secret:/dynatrace/*"
]
},
{
"Sid": "kms0",
"Effect": "Allow",
"Action": [
"kms:CreateKey",
"kms:TagResource",
"kms:UntagResource"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:RequestTag/dt:CreatedBy": "Dynatrace"
}
}
},
{
"Sid": "kms1",
"Effect": "Allow",
"Action": [
"kms:CreateGrant",
"kms:RevokeGrant",
"kms:DescribeKey",
"kms:GetKeyPolicy",
"kms:PutKeyPolicy",
"kms:ScheduleKeyDeletion"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"aws:ResourceTag/dt:CreatedBy": "Dynatrace"
}
}
},
{
"Sid": "kms2",
"Effect": "Allow",
"Action": [
"kms:CreateAlias",
"kms:DeleteAlias",
"kms:UpdateAlias"
],
"Resource": [
"arn:aws:kms:<Deployment-Region>:<AWS-Account-ID>:key/*"
],
"Condition": {
"StringEquals": {
"aws:ResourceTag/dt:CreatedBy": "Dynatrace"
}
}
},
{
"Sid": "kms3",
"Effect": "Allow",
"Action": [
"kms:CreateAlias",
"kms:DeleteAlias",
"kms:UpdateAlias"
],
"Resource": "arn:aws:kms:<Deployment-Region>:<AWS-Account-ID>:alias/dynatrace/*/keys/aws/integration/*"
},
{
"Sid": "logs0",
"Effect": "Allow",
"Action": [
"logs:DescribeLogGroups"
],
"Resource": "*"
},
{
"Sid": "logs1",
"Effect": "Allow",
"Action": [
"logs:DeleteLogGroup",
"logs:CreateLogGroup",
"logs:DeleteLogStream",
"logs:CreateLogStream",
"logs:DescribeLogStreams",
"logs:PutRetentionPolicy",
"logs:ListTagsForResource",
"logs:DescribeIndexPolicies",
"logs:AssociateKmsKey",
"logs:DisassociateKmsKey",
"logs:PutLogEvents",
"logs:TagResource"
],
"Resource": [
"arn:aws:logs:<Deployment-Region>:<AWS-Account-ID>:log-group:/aws/lambda/<Deployment-Stack-Name-Prefix>*",
"arn:aws:logs:<Deployment-Region>:<AWS-Account-ID>:log-group:/aws/lambda/DynatraceApiClientFunction-*"
]
}
]
}
At this point all, the AWS IAM baseline prerequisites have been completed. Keep in mind that the IAM role/user permissions are needed for each onboarded AWS account.
We recommend that an AWS administrator pre-create those IAM constructs programmatically.
2. Create the Dynatrace IAM baseline¶
Actions in this section can and (should) only be performed by the Dynatrace account administrator.
The new AWS Platform Monitoring has been integrated with the core Dynatrace Identity and Access Management (IAM) design.
Learn more about the basic concepts:
In this documentation section context:
Dynatrace account admin
: A built-in user with View and manage users and groups permission.
CloudsAdmins
: A customer-created custom IAM group where its members will be able to create and manage AWS connections in
Settings.
CloudAdmin
: An IAM user, member of the CloudsAdmins group. The name is used here solely for context; any Dynatrace IAM user can be used.
Service user : A non-interactive IAM identity, against which platform tokens will be created.
Platform token : The authentication and authorization secrets used to establish a secure communication with the Dynatrace APIs. In our context, two platform tokens are to be created:
* `Settings PT`âallows the creation and managment of an AWS connection.
* `Ingest PT`âallows the programmatic ingest of push-based telemetry from AWS.
Data-Acquisition AWS Integration App
: A Dynatrace-created built-in IAM policy which contains all the (least privilege) permission scopes required to support the creation and management of an AWS connection from
Settings. When using the new connection wizard, it will automatically create a new service user and linked platform tokens. It will also bind all required permissions to allow connection creation and management, and telemetry ingest from AWS (Firehose Logs and EventBridge Events).
Interactive IAM identity (IAM user)¶
- Create the
CloudsAdminsgroup.
Once the CloudsAdmins group is created, select Permissions > Scope and add the Data-Acquisition AWS Integration App and Standard User policies.
Apply Account-Wide or Environment-Wide, then select Save.
Validate: The CloudsAdmins Permissions section should show:
Data-Acquisition AWS Integration AppStandard User- Assign your CloudAdmin IAM user (or any other Dynatrace IAM user) as a member of the
CloudsAdminsgroup.
Onboarding¶
Before you start, make sure all prerequisites are completed.
- Log in to Dynatrace as the IAM user (member of the
CloudsAdminsIAM group) and open
Settings. - Go to Collect and capture > Cloud and virtualization > AWS and select New connection.
If the button is grayed out, it means you do not have the proper permissions to create a connection. Please, contact your administrator.
1. Select connection model¶
- Enter a friendly connection name that is unique (for example,
MyEastProd3Account). - Enter the AWS Account ID where you intend to deploy the connection.
- Choose the Deployment region.
The deployment region is the AWS Region from which the CloudFormation stack will be deployed.
If you plan to use the event ingest option, make sure to select a deployment region that supports EventBridge API destinations. 4. Select Next.
2. Select observability option¶
-
Choose the Recommended observability path. Two paths are currently supported:
-
Recommended: The monitoring configuration is an opinionated (immutable) option, only monitored Regions are customizable. Per AWS member account, this flow provides:
- AWS account resources inventory using
Clouds (for supported AWS services). - AWS account resources topology, depicted as rich resource entities using
Clouds (for supported AWS services). - Amazon CloudWatch API metric polling (per enabled region) for our recommended services (automatically opted-in).
- The Regions that were selected, allowing the AWS administrator to deploy Amazon Data Firehose streams for logs ingest as stacksets on the AWS Organizations Console.
- Advanced: The most fine-grained path monitoring configuration. Allows the full customization any monitoring setting to meet advanced use cases.
- AWS account resources inventory using
Regardless of the selected path, customizing all the supported monitoring settings is possible post-onboarding.
The topology signal is an auto-enabled signal; you can't disable it. 2. Choose the monitored AWS Regions you want to monitor.
The monitored regions are the AWS Regions in which Dynatrace can securely poll metrics, topology and push logs from.
You need to enable us-east-1 regardless of your desired monitored regions, since global AWS resources reside in us-east-1.
3. Select Next.
After a successful onboarding, you'll be able to customize monitored AWS Regions and all other supported monitoring settings, per AWS member account.
3. Get platform tokens for service users¶
- Generate the settings and ingest tokens. Alternatively, you may also paste pre-existing tokens.
- Select Download and Next.
If the download button is grayed out, that means that the Dynatrace token fields are not populated with platform tokens.
4. Finalize¶
- Go to the AWS Console and log in to the designated AWS account with an AWS IAM user that has all the needed permissions to deploy the CloudFormation stacks.
- Select Deploy the CloudFormation in AWS Console.
If you practice roles duty separation, the Dynatrace admin may have no access/permissions to the AWS environment.
In this case, select the Copy Deployment Link.
Share this deeplink and the downloaded platform tokens CSV file with your platform team and/or AWS Admins.
This will allow them to deploy the CloudFormation stack with the wizard configurations that you have set.
- Copy the settings and ingest tokens from the downloaded CSV file (the file name will follow the connection friendly name) and paste them into the corresponding CloudFormation parameters (settings token, ingest token).
- Deploy the stack.
- When the CloudFormation stacks deployment finishes successfully (which can take up to 15 minutes), go back to the wizard and confirm.
If the CloudFormation stack deployment failed, see Troubleshooting.
5. Configure Health alerts and Warning signalsOptional¶
You can configure Health alerts and Warning signals now or later.
Health alerts and warning signals help you monitor your infrastructure by providing clear, actionable insights. These features reduce the noise from infrastructure issues and improve alerting capabilities, so you can focus on what matters most. This is achieved through better categorization of detected malfunctions.
- For critical events, a Health alert is raised, triggering a Dynatrace Problems investigation.
- For non-critical situations, a Warning signal informs you of a potential challenge.
Successful onboarding involves two elements:
- In
Settings > Collect and capture > Cloud and virtualization > AWS, the new AWS connection is Healthy. - In the AWS CloudFormation console, the CloudFormation stacks are in
CREATE_COMPLETEstatus.
What's next?¶
- Go to
Clouds. AWS resources with telemetry should start to appear shortly. - See Manage your AWS connections to learn how to manage your newly created connection.
- Configure CloudWatch log group subscriptions.
Troubleshooting¶
The New connection functionality is disabled. When I hover on it, I see a message that I don't have the permissions.
Make sure that your Dynatrace IAM user has the proper permission scopes to create and manage a connection. For details, see the Create the Dynatrace IAM baseline section.
The CloudFormation stack did not complete successfully. How do I troubleshoot for the root cause?
If your CloudFormation deployment fails, it's often related to a lack of AWS IAM permissions, AWS Service limits being reached, or Service Control Policies configured in your AWS Organizations.
To run our troubleshooting helper script to discover the root cause
- Open AWS CloudShell in the AWS Management Console.
Alternatively, you can run bash with AWS CLI installed. 2. Download the script:
wget -q https://dynatrace-data-acquisition.s3.us-east-1.amazonaws.com/aws/deployment/cfn/da-activation-check.sh -O da-activation-check.sh && chmod +x ./da-activation-check.sh
./da-activation-check.sh --stack-name <activation-stack-name>.
The activation main stack name follows the AWS connection name specified the Dynatrace connections list, for example, connection name: MyEastProd3Account
To find the failure reason manually
- Go to the AWS Management Console > CloudFormation stack events and search for the root cause.
- Also search nested stacks and stackset instances (if logs/events ingest was enabled) for failed events.
If you encounter an error that you cannot resolve on your own, open a Dynatrace support ticket providing the script output.
The root cause of the CloudFormation deployment failure is an invalid or expired token. What can I do?
The best way to solve this issue is to delete the failed stack and repeat the deployment specifying valid tokens as parameters. You can start the deployment from the Dynatrace
Settings web UI to generate a new API token.
The root cause of the CloudFormation deployment failures are related to permissions, as I can see messages indicating that I'm not authorized to perform X or Y. What can I do?
If you can see in the CloudFormation stack error messages, such as "User: arn:aws: <...> is not authorized to perform: <...> on resource: <...>", it's because you haven't included the proper user/role permissions required from our policy. Update the setup by adding the required AWS permissions, clean the current setup, and restart the process.
To learn how to clean the current setup, see The CloudFormation stack did not complete successfully. I fixed the issue. How do I clean the current setup and start over?
The root cause of the CloudFormation deployment failure is that the 'Account XXX has not enabled 'Region-XYZ'. What can I do?
If you see, in the CloudFormation stack, error messages such as "Account XXX has not enabled [Region-XYZ]: ...", clean the current setup, enable that Region or remove it from the deployment parameters, and restart the process.
To learn how to clean the current setup, see The CloudFormation stack did not complete successfully. I fixed the issue. How do I clean the current setup and start over?
The root cause of the CloudFormation deployment failure is the creation of the Firehose DeliveryStream. What can I do?
If you see, in the CloudFormation stack, error messages such as "You are not subscribed to this service" or "The AWS Access key Id needs a subscription for the service (Service Firehose)", this is because new services, such as Firehose, require it to be enabled on some new accounts. See how to resolve problems when accessing a service in the AWS Management Console.
After enabling it, clean the current setup and restart the process again.
To learn how to clean the current setup, see The CloudFormation stack did not complete successfully. I fixed the issue. How do I clean the current setup and start over?
The root causes of the CloudFormation deployment failures are 404 or 400 errors. What can I do?
Please contact us at awscloudmonitoring-preview@dynatrace.com or open a Dynatrace support ticket sharing the errors you experienced.
The CloudFormation stack did not complete successfully. I fixed the issue. How do I clean the current setup and start over?
In the AWS CloudFormation console, delete the master Dynatrace stack. The main stack name follows the connection name in our example MyEastProd3Account. Follow the AWS guidelines on deleting stacks.
Once the stack and its nested stacks are completely deleted
- In Dynatrace, go to
Settings > Cloud and virtualization > AWS (Preview). - Find and select the connection action menu on the right .
- Select Delete.
- You are now able to start the wizard and create a new connection.
Not all resources created are properly tagged in Dynatrace.
Even if your organization enforces tagging via Service Control Policies or IAM, some of the resources created by CloudFormation do not support tag propagation. For details, please see AWS CloudFormation resource tagging.
I have enabled logs push-based ingest via Firehose, but I cannot seem to locate log records on Dynatrace.
Looking at the Destination error logs tab (AWS Firehose console), if you get this message:
Delivery to the endpoint was unsuccessful. See Troubleshooting HTTP Endpoints in the Firehose documentation for more information. Response received with status code. 403: "requestId":"xxxx,"errorMessage":"The authorization token does not provide the necessary permissions. details: missing_scopes=[data-acquisition:logs:ingest]
Verify that
- The platform ingest token is assigned with the correct permission scope (
data-acquisition:logs:ingest). - The Dynatrace service user linked to the token is also assigned with same token permission scope (
data-acquisition:logs:ingest). - The platform ingest token has not expired or was deleted.
- The service user has not been deleted.
- The platform token environment scope is adjusted to the correct Dynatrace environment.
When creating the platform token, why is the "service user" option grayed out?
Your IAM user might not have permission to create platform tokens for (existing) service users. Contact you Dynatrace Admin to learn if the prerequisites were followed. In this case, a specific permission scope must be granted.
Share your feedback¶
The onboarding experience is an evolving core product feature. We are continually working to collect feedback.
During the Preview, we will reach out and ask for feedback. We highly appreciate your willingness to share any suggestions. You can also share your feedback at our dedicated Dynatrace Community channel
Source: app-runner.md¶
title: Monitor AWS App Runner source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/app-runner scraped: 2026-02-06T16:23:23.536585
Monitor AWS App Runner¶
Monitor AWS App Runner¶
- How-to guide
- 3-min read
- Published Jan 16, 2023
To deploy OneAgent on App Runner, read the instructions provided below.
Prerequisites¶
-
Create an API token in your Dynatrace environment and enable the following permissions:
-
Access problem and event feed, metrics, and topology (
DataExport) (API v1) - PaaS integration - Installer download (
InstallerDownload) - Review the list of supported applications and versions.
Integrate OneAgent into your application image¶
Build-time injection EKS, ECS, and App Runner¶
If you're using ECS, EKS, and App Runner, you can use build-time injection to embed OneAgent into your container image.
Docker multi-stage image builds
Classic integration
To use this option you need:
- Docker version 17.05+
-
OneAgent version 1.155+
-
Sign in to Docker with your Dynatrace environment ID as username and your PaaS token as password.
FROM command:
COPY --from=<your-environment-url>/linux/oneagent-codemodules:<technology> / /
ENV LD_PRELOAD /opt/dynatrace/oneagent/agent/lib64/liboneagentproc.so
-
Replace
<your-environment-url>with the URL or IP address of your environment or your ActiveGate. -
Dynatrace SaaS {your-environment-id}.live.dynatrace.com1
-
Dynatrace Managed {your-domain}/e/{your-environment-id}1
1
If you use your own environment ActiveGate, use the
<ip-address>:9999or<hostname>:9999format. * Replace<technology>with the code module required for your application. Valid options areall,java,apache,nginx,nodejs,dotnet,php,sdk, andgo. You can specify several code modules, separated by hyphen (-), for examplejava-go. Including specific technology-support options, rather than support for all technology options, results in a smaller OneAgent package.
What if my Docker image is based on Alpine Linux?
Dynatrace OneAgent supports Alpine Linux-based environments. Use this syntax:
COPY --from=<your-activegate>/linux/oneagent-codemodules-musl:<technology> / /
ENV LD_PRELOAD /opt/dynatrace/oneagent/agent/lib64/liboneagentproc.so
Valid options here are all, go, java, apache, nginx, and nodejs.
- Build your application image.
Build the Docker image from your dockerfile to use it in your Kubernetes environment:
You can monitor your application containers with a different Dynatrace environment. To do this, read the instructions below:
For OneAgent version 1.139+, if you have an existing application image where you've already added the OneAgent code modules for a specific Dynatrace environment, you can have the OneAgent report to another Dynatrace environment without rebuilding your application image.
For this you need to make a call to the REST endpoint of your second Dynatrace environment. Make sure to adapt the respective placeholders <your-environment-id> and <your-paas-token>.
curl "https://<your-environment-id>.live.dynatrace.com/api/v1/deployment/installer/agent/connectioninfo?Api-Token=<your-paas-token>"
In return, you get a JSON object that covers the required information that needs to be passed as an environment variable to the application container. Make sure you set the environment variables of the application container as described below:
DT_TENANT: equalstenantUUIDDT_TENANTTOKEN: equalstenantToken-
DT_CONNECTION_POINT: semi-colon separated list ofcommunicationEndpoints -
Add the following commands to your current Dockerfile to integrate OneAgent and activate instrumentation of your application. Define variables with optional default values using
ARGinstructions.
ARG DT_API_URL="https://<your-environment-id>.live.dynatrace.com/api"
ARG DT_API_TOKEN="<your-paas-token>"
ARG DT_ONEAGENT_OPTIONS="flavor=default&include=<technology1>&include=<technology2>"
ENV DT_HOME="/opt/dynatrace/oneagent"
RUN mkdir -p "$DT_HOME" && \
wget -O "$DT_HOME/oneagent.zip" "$DT_API_URL/v1/deployment/installer/agent/unix/paas/latest?Api-Token=$DT_API_TOKEN&$DT_ONEAGENT_OPTIONS" && \
unzip -d "$DT_HOME" "$DT_HOME/oneagent.zip" && \
rm "$DT_HOME/oneagent.zip"
ENTRYPOINT [ "/opt/dynatrace/oneagent/dynatrace-agent64.sh" ]
CMD [ "executable", "param1", "param2" ] # the command of your application, for example, Java
- The commands above that use
wgetandunzipmight fail if they aren't provided by the base image. - Replace
<your-environment-id>with your Dynatrace environment ID. If you're using Dynatrace Managed, you need to provide your Dynatrace Cluster URL (https://<YourDynatraceServerURL>/e/<your-environment-id>/api). - Replace
<your-paas-token>with your PaaS token. -
DT_ONEAGENT_OPTIONS- this is the flavor (valid options aredefaultormuslfor Alpine images) and the technology (code module).- Syntax for
defaultisflavor=default&include=all. - Syntax for
muslisflavor=musl&include=all.
- Syntax for
What if my Docker image is based on Alpine Linux?
Dynatrace OneAgent supports the flavor musl for Alpine Linuxâbased environments. Valid options for flavor=musl are all, go, java, apache, nginx, and nodejs.
2. Build your application image.
Build the Docker image from your dockerfile to use it in your Kubernetes environment:
You can monitor your application containers with a different Dynatrace environment. To do this, read the instructions below:
For OneAgent version 1.139+, if you have an existing application image where you've already added the OneAgent code modules for a specific Dynatrace environment, you can have the OneAgent report to another Dynatrace environment without rebuilding your application image.
For this you need to make a call to the REST endpoint of your second Dynatrace environment. Make sure to adapt the respective placeholders <your-environment-id> and <your-paas-token>.
curl "https://<your-environment-id>.live.dynatrace.com/api/v1/deployment/installer/agent/connectioninfo?Api-Token=<your-paas-token>"
In return, you get a JSON object that covers the required information that needs to be passed as an environment variable to the application container. Make sure you set the environment variables of the application container as described below:
DT_TENANT: equalstenantUUIDDT_TENANTTOKEN: equalstenantTokenDT_CONNECTION_POINT: semi-colon separated list ofcommunicationEndpoints
Configure network zones Optional¶
You can configure network zones as an environment variable:
DT_NETWORK_ZONE: equalsyour.network.zone
See network zones for more information.
Monitoring Consumption¶
For AWS App Runner, monitoring consumption is based on host units. See Application and Infrastructure Monitoring (Host Units) for details.
Troubleshoot¶
Related topics¶
Source: aws-beanstalk.md¶
title: Monitor AWS Elastic Beanstalk source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-beanstalk scraped: 2026-02-18T05:40:08.109856
Monitor AWS Elastic Beanstalk¶
Monitor AWS Elastic Beanstalk¶
- How-to guide
- 1-min read
- Published Jul 19, 2017
AWS Elastic Beanstalk is a service provided by Amazon Web Services (AWS) that gives you the option of deploying and auto-scaling applications and services.
As this type of installation depends heavily on user customizations, there isn't any set of steps that will work in all scenarios. The following aims to provide an overview of the entire process, with examples to help you create your own deployment.
Prerequisites¶
- Locate the
ONEAGENT_INSTALLER_SCRIPT_URL. This information is shared during Dynatrace OneAgent installation.
Locate your installer URL
To get your ONEAGENT_INSTALLER_SCRIPT_URL
- In Dynatrace Hub, select OneAgent.
-
Select Set up > Linux.
-
Determine the installer script URL and token from the UI-provided
wgetcommand:
OneAgent container image version 1.39.1000+
OneAgent container image version 1.38.1000 and earlier
This is the URL:

- Replace the value of
archparameter with<arch>. Ignore theflavor=defaultparameter. - For the
API-Tokenvalue, you need a PaaS token.
Your URL should look like this:
https://host.domain.com/api/v1/deployment/installer/agent/unix/default/latest?arch=<arch>
This is your ONEAGENT_INSTALLER_SCRIPT_URL.
This your URL and API token.

Append the API token to the URL using the API-Token parameter. Your URL should look like this:
https://host.domain.com/api/v1/deployment/installer/agent/unix/default/latest?arch=x86&flavor=default&Api-Token=<token>
This is your ONEAGENT_INSTALLER_SCRIPT_URL.
- Access to the AWS console
For configurations where OneAgent is already part of your application deployment, you don't have to manually install OneAgent or restart servers to enable service monitoring.
Download OneAgent¶
- In Dynatrace Hub, select OneAgent.
- Select Set up > Windows or Linux.
For more information, see the OneAgent installation instructions for Windows or Linux.
Customize your installation¶
- Make sure the configuration files are properly formatted YAML files.
- Don't use tabs for indentation. Only spaces are allowed.
- The Elastic Beanstalk extension script file names are importantâthe Amazon interpreter executes them in alphabetical order.
Linux
Windows
To install OneAgent, you need two configuration files:
- One file for downloading the OneAgent installer
-
Another file for invoking the installation and post-installation tasks.
-
In the Beanstalk deployment package, create a
.ebextensionsdirectory within the same directory as the main Beanstalk project source code. The two configuration files mentioned above must be placed in this directory. - Create a configuration file for downloading the installer named
0dynatraceDownload.config.
The file must contain a files section that defines:
- The download path and target file name (for example,
/tmp/dynatraceinstall.sh) - Proper user rights settings
- The OneAgent download URL mentioned in the prerequisites.
Example:
files:
"/tmp/dynatraceinstall.sh":
mode: "000755"
owner: root
group: root
source: "https://abcdefghij.live.dynatrace.com/api/v1/deployment/installer/agent/unix/default/latest?arch=x86&flavor=default&Api-Token=abcdefghijklmnopqrstu"
Make sure to replace the generic values in the example above with your own.
3. Create a configuration file to execute the OneAgent installer and perform other tasks such as service restart, named 1dynatraceInstallAndPost.config.
In the example below, the script checks for an existing OneAgent setup and, if no OneAgent is found, executes the installation from the /tmp directory, setting the --set-proxy=172.1.1.128:8080 installation parameter to connect the agent to a specific proxy. Then the httpd service is restarted.
commands:
install_dynatrace:
cwd: /tmp
command: "/bin/sh dynatraceinstall.sh --set-proxy=172.1.1.128:8080"
restart_httpd:
command: "service httpd restart"
If you want to add more parameters, separate them with spaces. To learn more about installation parameters, see how to customize OneAgent installation on Linux.
Do not use the command's env property because it overwrites, rather than appends, the existing environment and will cause OneAgent installation to fail.
4. Optional Extend your configuration.
You can also include steps to download OneAgent in your configuration.
The example below includes OneAgent download in the configuration. While this is necessary for the first installation of OneAgent, it might substantially lengthen future application updates because you download OneAgent each time you run the script. To improve your Beanstalk configuration, add a check for an existing OneAgent installation and have your scripts download OneAgent only when it isn't found on the system.
Inspect the following Linux configuration example carefully before creating your own scripts. The Amazon interpreter is sensitive to syntax errors. Take care in formatting and escaping special characters.
files:
"/tmp/dynatraceinstall.sh":
mode: "000755"
owner: root
group: root
content: |
#!/bin/bash
if [ ! -d /opt/dynatrace/oneagent ]; then
wget -O /tmp/Dynatrace-OneAgent.sh "https://abcdefghij.live.dynatrace.com/api/v1/deployment/installer/agent/unix/default/latest?arch=x86&flavor=default&Api-Token=abcdefghijklmnopqrstu"
chmod 755 /tmp/Dynatrace-OneAgent.sh
sudo chown root:root /tmp/Dynatrace-OneAgent.sh
sudo /tmp/Dynatrace-OneAgent.sh
fi
commands:
install_dynatrace:
cwd: /tmp
command: "/bin/sh dynatraceinstall.sh --set-proxy=172.1.1.128:8080"
restart_nginx:
command: service nginx restart
ignoreErrors: true
To install OneAgent, you need two configuration files:
- One file for downloading the OneAgent installer
-
Another file for invoking the installation and post-installation tasks.
-
Create a configuration file for downloading the installer named
0dynatraceDownload.config.
The file must contain a sources section that defines:
- The download destination (for example, your desktop)
- The OneAgent download URL mentioned in the prerequisites.
Example:
files:
"C:/OneAgent/Dynatrace-OneAgent-Installer.exe":
source: "https://abcdefghij.live.dynatrace.com/api/v1/deployment/installer/agent/windows/default/latest?Api-Token=abcdefghijklmnopqrstu&arch=x86&flavor=default"
Make sure to replace the generic values in the example above with your own.
2. Create a configuration file to execute the OneAgent installer and perform other tasks such as service restart, named 1dynatraceInstallAndPost.config.
The file must contain a commands section that defines the installation command for OneAgent.
Do not use the command's env property because it overwrites, rather than appends, the existing environment and will cause OneAgent installation to fail.
In the example below, the script executes the installer from the administrator's desktop folder in quiet mode (no graphical user interface involved). The file passes the --set-proxy=172.1.1.128:8080 installation parameter to connect the agent to a specific proxy.
commands:
install_oneagent:
command: "C:/OneAgent/Dynatrace-OneAgent-Installer.exe --quiet --set-proxy=172.1.1.128:8080"
If you want to add more parameters, separate them with with spaces. To learn more about installation parameters, see how to customize OneAgent installation on Windows.
You don't need to add extra commands following OneAgent installation. Amazon will restart IIS on its own after you've successfully uploaded all your application files.
Configure network zones Optional¶
To configure network zones, use the following argument: --set-network-zone=<your.network.zone>. See network zones for more information.
Monitoring consumption¶
For AWS Elastic Beanstalk, monitoring consumption is based on hosts units. See Application and Infrastructure Monitoring (Host Units) for details.
Related topics¶
- Dynatrace OneAgent
- Limit API calls to AWS using tags
- OneAgent platform and capability support matrix
Source: deploy-oneagent-using-aws-systems-manager-distributor.md¶
title: Deploy OneAgent using AWS Systems Manager Distributor source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-ec2/deploy-oneagent-using-aws-systems-manager-distributor scraped: 2026-02-18T05:44:43.921322
Deploy OneAgent using AWS Systems Manager Distributor¶
Deploy OneAgent using AWS Systems Manager Distributor¶
- How-to guide
- 8-min read
- Updated on Jan 12, 2024
With the AWS Systems Manager Distributor you can distribute and automatically deploy OneAgent on your EC2 instances using the AWS Systems Manager Distributor.
Prerequisites¶
Before you start deploying the DynatraceOneAgent distributor package, make sure your Amazon EC2 instances meet the following prerequisites:
AWS tags¶
AWS tags on instance metadata are turned off by default at launch. To allow them follow the official AWS documentation.
AWS Systems Manager¶
AWS Systems Manager must be set up for your AWS account and AWS Systems Manager Agent (SSM Agent) must be installed on the EC2 instances where you want to deploy DynatraceOneAgent distributor package. Follow the AWS Systems Manager Quick Setup or more comprehensive Setting up AWS Systems Manager.
Supported operating systems¶
The DynatraceOneAgent distributor package is supported on the following operating systems:
| Operating system | Version | Architecture |
|---|---|---|
| Windows | All OneAgent supported versions | x86-64, |
| Amazon Linux | All OneAgent supported versions | x86-64, ARM64 (AArch641) |
| Ubuntu | 16.04, 18.04, 22.04 | x86-64, ARM64 (AArch641) |
| Red Hat Enterprise Linux | 8.x, 9.x | x86-64 |
| SUSE Enterprise Linux | 15.x | x86-64, ARM64 (AArch641) |
1
Support for ARM64 architecture, including AWS Graviton processors, is in Early Adopter release.
Wget¶
Dynatrace OneAgent distributor package requires Wget installed on your Linux-based instance. If there's no Wget installed on your instance, the OneAgent distributor package will install it for you automatically. Wget is necessary to download the latest OneAgent version.
AWS CLI¶
AWS CLI is required if you're using Parameter Store or Secrets Manager to store the PaaS token. If there's no AWS CLI installed, the OneAgent distributor package will install the latest version.
If your instance is running AWS CLI version 1, you need to add the SSM_DYNATRACE_TOKEN_REGION parameter with the region where your instance is running to the SSM Distributor configuration, as region autodiscovery via EC2 IMDS is only available in AWS CLI version 2.
Limitations¶
Deploying OneAgent using AWS Systems Manager Distributor is currently not supported if you set Dynatrace Managed Cluster as the SSM_DYNATRACE_URL parameter value.
Installation¶
To install the DynatraceOneAgent distributor package
- Open the AWS Systems Manager console.
- In the navigation panel, select Distributor.
- On the Distributor page, select Third party and select the
DynatraceOneAgentpackage. - Select the installation mode. You can install or update the
DynatraceOneAgentpackage one time or schedule the installation. For details on installing the Distributor packages, see AWS Systems Manager Distributor documentation. - To configure the
DynatraceOneAgentpackage installation, add the parameters to the Additional Arguments field of the Systems Manager Run Command. The parameters require a PaaS token.
To provide a PaaS token, we recommend using a centralized cloud secret management system, such as AWS Secrets Manager or Parameter Store.
-
Provide a PaaS token via AWS Secrets Manager Recommended
-
Create a secret:
2. Add an IAM policy to the IAM role attached to your EC2 instance(s) that grants access to retrieve the secret from the Secrets Manager. Here's an example policy that's attached to the IAM role (other options can be found in the AWS User Guide):{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "secretsmanager:GetSecretValue", "Resource": "arn:aws:secretsmanager:us-east-2:123456789012:secret:dynatrace-paas-token" } ] }If your Secret is encrypted with a CMK KMS Key, you also need to grant Decrypt permissions on both: the IAM role and the KMS Key policy. For more information, check the AWS Secrets Manager documentation. 3. Provide the secret name via
* Provide a PaaS token via Parameter Store RecommendedSSM_DYNATRACE_TOKEN_SECRET_IDon the SSM Distributor package parameters. Example: -
Create a
SecureStringparameter type.2. Add an IAM policy to the IAM role attached to your EC2 instance(s) that grants access to retrieve the secret from the Parameter Store. Here's an example policy. For more information, check the AWS Systems Manager Documentation.aws ssm put-parameter --name "dynatrace-paas-token" --value "paas_token_value" --type "SecureString"3. Provide the secret name via{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "ssm:GetParameter" ], "Resource": "arn:aws:ssm:us-east-2:123456789012:parameter/dynatrace-paas-token" } ] }SSM_DYNATRACE_TOKEN_PARAMETER_NAMEon the SSM Distributor parameters. Example:* Provide a PaaS token via{ "SSM_DYNATRACE_URL" : "https://environment.live.dynatrace.com/", "SSM_DYNATRACE_TOKEN" : "abcdefghij123456", }SSM_DYNATRACE_TOKENenv variable. not-recommended
Using the
SSM_DYNATRACE_TOKENparameter is not secure because the PaaS token will be visible in the Run Command history. -
Example: Additional arguments in Systems Manager Run Command

{
"SSM_DYNATRACE_URL" : "https://your-tenant.live.dynatrace.com/",
"SSM_DYNATRACE_HOST_GROUP" : "MY-HOST-GROUP",
"SSM_DYNATRACE_MONITORING_MODE" : "infra-only",
"SSM_DYNATRACE_APP_LOG_CONTENT_ACCESS" : "true",
"SSM_DYNATRACE_TOKEN_SECRET_ID" : "dynatrace-paas-token"
}
- After you run the installation, check the progress in the Command status area. When you see the Success status it means the installation was successful.
Example: successful installation output
Initiating DynatraceOneAgent_ 1.0.51 install
Plugin aws:runPowerShellScript ResultStatus Success
install output: Running install.ps1
Installing Dynatrace OneAgent on Windows...
script version: 1.0.51
Configuration parameters:
- Dynatrace URL: https://environment.live.dynatrace.com/
--quiet
Installing Dynatrace Package on Windows...
- downloading agent from: https://environment.live.dynatrace.com/ to: %PROGRAMDATA%\Amazon\SSM\Packages\DynatraceOneAgent_\1.0.51\Dynatrace-OneAgent-Windows.exe
- running installation
- cleaning up
Done
Successfully installed DynatraceOneAgent_ 1.0.51
- In Dynatrace, go to Deployment Status. Search for recently connected EC2 hosts to verify the result of the installation.
- Restart all processes that you want to monitor. Youâll be prompted with a list of the processes that need to be restarted. Note that you can restart your processes at any time, even during your organizationâs next planned maintenance period. Though until all processes have been restarted, youâll only see a limited set of metrics, for example CPU or memory consumption.
Installation parameters¶
The DynatraceOneAgent distributor package provides a number of Dynatrace-specific parameters that map directly to the following OneAgent installation parameters.
Learn more about customizing OneAgent installation on Linux and Windows.
Distributor parameter
Maps to OneAgent parameter
Default value
Description
SSM_DYNATRACE_URL
--set-server
environment specific
The address of the OneAgent communication endpoint, which is a Dynatrace component that OneAgent sends data to. Depending on your deployment, it can be a Dynatrace SaaS cluster or an ActiveGate. A Dynatrace Managed Cluster is currently not supported. Note: Make sure you add a trailing slash at the end of URL (for example, https://environment.live.dynatrace.com/).
SSM_DYNATRACE_HOST_GROUP
--set-host-group
unset
The name of a host group you want to assign the host to.
SSM_DYNATRACE_MONITORING_MODE
--set-monitoring-mode
fullstack
When set to infra-only, activates Infrastructure Monitoring mode, in place of Full-Stack Monitoring mode. With this approach, you receive infrastructure-only health data, with no application or user performance data.
SSM_DYNATRACE_APP_LOG_CONTENT_ACCESS
--set-app-log-content-access
true
When set to true, allows OneAgent to access log files for the purpose of Log Monitoring.
SSM_DYNATRACE_TOKEN_SECRET_ID 1
N/A
N/A
The PaaS token secret name or ARN in Secrets Manager, used to get the PaaS token value.
SSM_DYNATRACE_TOKEN_PARAMETER_NAME 1
N/A
N/A
The PaaS token parameter name in Parameter Store, used to get the PaaS token value.
SSM_DYNATRACE_TOKEN_REGION
N/A
N/A
Optional AWS region used to get a secret from a different region. If not set, the AWS CLI auto discovers the instance region. (This parameter is required if you're running AWS CLI v1, as it can't discover the instance region from EC2 IMDS).
SSM_DYNATRACE_TOKEN not-recommended
N/A
N/A
The PaaS token used to download the OneAgent installer. Using the SSM_DYNATRACE_TOKEN parameter is not secure because the PaaS token will be visible in the Run Command history. Use AWS Secrets Manager or AWS Systems Manager Parameter Store.
1
Remember that SSM_DYNATRACE_TOKEN_PARAMETER_NAME and SSM_DYNATRACE_TOKEN_SECRET_ID are mutually exclusive. Choose either one.
Troubleshooting¶
- My package installation fails with 'You need to specify 'Additional Arguments' error'
- My package installation fails with 'ERROR: wrong Dynatrace URL'
- My package installation fails with 'ERROR: Can't retrieve Dynatrace PaaS token from secret store'
Related topics¶
Source: aws-ec2.md¶
title: Monitor Amazon Elastic Compute Cloud (EC2) source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-ec2 scraped: 2026-02-18T05:40:02.166273
Monitor Amazon Elastic Compute Cloud (EC2)¶
Monitor Amazon Elastic Compute Cloud (EC2)¶
- How-to guide
- 1-min read
- Published Jan 16, 2023
Capabilities¶
- Full-stack monitoring powered by OneAgent
- Enhanced support for EC2 metadata such as regions and more
- AWS Systems Manager Distributor package for easy deployment of OneAgent
- Integration with CloudWatch for metrics, properties and tags from AWS
Integrate OneAgent for fullstack monitoring¶
Monitoring Amazon EC2 instances works out of the box. Just run the regular Linux and Windows OneAgent installers.
Alternatively, you can use any infrastructure management tool such as Terraform to integrate OneAgent on your virtual machines. Dynatrace also provides an integration with the AWS Systems Manager Distributor so you can distribute and automatically deploy OneAgent on your EC2 instances.
Source: deploy-oneagent-on-ecs.md¶
title: Monitor Elastic Container Service (ECS) with EC2 launch type source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-ecs/deploy-oneagent-on-ecs scraped: 2026-02-18T05:47:23.880001
Monitor Elastic Container Service (ECS) with EC2 launch type¶
Monitor Elastic Container Service (ECS) with EC2 launch type¶
- How-to guide
- 3-min read
- Published May 18, 2020
To deploy OneAgent on AWS Elastic Container Service (ECS) clusters with EC2 launch type, follow the instructions below.
Prerequisites¶
- Create a PaaS Token.
- ECS cluster with Linux-based container instances.
- Review the list of supported applications and versions.
- Create the
ecsinstanceRoleIAM role in the ECS console.
Deploy OneAgent as a daemon service¶
This approach describes the installation of OneAgent as a daemon service in its own container. ECS orchestrates the execution of the OneAgent task on each container instance that is part of the cluster.
- On the ECS console, go to Task Definitions > Create new Task Definition. Select EC2 and then Next step.
-
In Configure task and container definitions, enter the following values:
-
Task Definition Name:
oneagent - Network Mode:
host -
Scroll down to Volumes. Click Add volume and enter the following values:
-
Name:
oneagent - Volume type:
Bind Mount - Source path:
/
Click Add to add the volume. 4. Scroll to Container Definitions and click Add container. In the Standard section, enter the following values:
- Container name:
oneagent - Image:
dynatrace/oneagent - Memory limits: as needed
There are two types of memory limits: soft and hard. ECS requires that you define the limit for at least one type of memory. We recommend using the default setting (soft limit of 256 MiBs), as it's less restrictive, but you can adjust this setting as needed. 5. In the Advanced container configuration section, go to Environment. Make sure that Essential is selected.
In Environment variables, define ONEAGENT_INSTALLER_SCRIPT_URL depending on how you connect to Dynatrace:
- For SaaS:
https://<your-environment-id>.live.dynatrace.com/api/v1/deployment/installer/agent/unix/default/latest?arch=x86&flavor=default&Api-Token=<pass_token> - For Managed:
https://<your-domain>/e/<your-environment-id>/api/v1/deployment/installer/agent/unix/default/latest?arch=x86&flavor=default&Api-Token=<pass_token> - For ActiveGate:
https://<your-active-gate-ip-or-hostname>:9999/e/<your-environment-id>/api/v1/deployment/installer/agent/unix/default/latest?arch=x86&flavor=default&Api-Token=<paas_token>
If you connect via an ActiveGate, you can skip the certificate check by adding the ONEAGENT_INSTALLER_SKIP_CERT_CHECK key with the value true.
6. Optional Add OneAgent installer parameters.
While still in Environment variables, you can customize your OneAgent installation by adding several OneAgent installer parameters in the command text box. Make sure to separate each parameter by a space. For example, --set-app-log-content-access=false --set-network-zone=<your.network.zone>.
Set the --set-network-zone=<your.network.zone> parameter if you want to configure network zones. See network zones for more information.
7. Go to Storage and logging and enter the following values in Mount point:
- Source volume:
oneagent - Container path:
/mnt/root - Scroll down to Security and set the container to run in Privileged mode.
- Click Add to add the container definition.
-
While still in the task definition, go back to Volumes and click Configure via JSON. Add the following two parameters at the root level (for example, before the
"tags"):Click Save to save the JSON configuration. 11. Click Create to save your task definition. 12. In the Task definitions menu, select the newly created OneAgent task and then click Actions > Create service. This will create a service to run your task. 13. In Configure service, enter the following values:
- Launch type:
EC2 - Task Definition:
oneagent - Service type:
DAEMON - Service name: give a name to the service.
Leave the rest of the settings set as they are by default. Follow the remaining steps until you reach and select Create service.
Once the service is created, the associated tasks will be executed. The
oneagentservice creates a task to deploy OneAgent on each container instance of your cluster.You can see the container instances displayed on the ECS cluster dashboard, and the corresponding hosts in your Dynatrace monitoring environment.
14. After deploying OneAgent, restart the running application tasks to get service-level visibility. - Launch type:
Security implications¶
See Docker security implications for details.
Limitations¶
See Docker limitations for details.
Monitoring consumption¶
For Elastic Container Service, monitoring consumption is based on hosts units. See Application and Infrastructure Monitoring (Host Units) for details.
Related topics¶
Source: aws-ecs.md¶
title: Monitor Amazon Elastic Container Service (ECS) source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-ecs scraped: 2026-02-18T05:39:42.290644
Monitor Amazon Elastic Container Service (ECS)¶
Monitor Amazon Elastic Container Service (ECS)¶
- How-to guide
- 1-min read
- Published Jan 16, 2023
To deploy OneAgent on AWS Elastic Container Service (ECS) clusters with EC2 launch type, follow the instructions below.
Prerequisites¶
- Create a PaaS Token.
- ECS cluster with Linux-based container instances.
- Review the list of supported applications and versions.
- An IAM role for your container instances should attach the
AmazonEC2ContainerServiceforEC2Rolemanaged policy. Instructions for creating this role, namedecsInstanceRole, are provided in the AWS documentation.
Deploy OneAgent as a daemon service¶
This approach describes the installation of OneAgent as a daemon service in its own container. ECS orchestrates the execution of the OneAgent task on each container instance that is part of the cluster.
Privileged mode and volume parameters are prerequisites for this deployment method. As a result, this can only be done using JSON revisions. Consider using build-time injection instead.
- On the ECS console, go to Task Definitions > Create new task definition > Create new task definition with JSON.
-
Edit the task definition JSON:
-
Set
requiresCompatibilitiesto["EC2"] - Set
familyto a unique name of your choice for the task definition, such asoneagent - Add
ipcModeand set tohost - Add
pidModeand set tohost -
Set
* Create a new dictionary in thecontainerDefinitions[0]tovolumesarray: 3. Select Create. 4. Select Create new revision > Create new revision. 5. In Infrastructure requirements, go to Network Mode and selecthost. 6. Scroll to Container - 1, go to Resource allocation limits and set the memory limits as needed
There are two types of memory limits: soft and hard. ECS requires that you define the limit for at least one type of memory. We recommend using the default setting (soft limit of 256 MiBs), as it's less restrictive, but you can adjust this setting as needed.
7. In the Environment variables section, go to Add individually and define ONEAGENT_INSTALLER_SCRIPT_URL depending on how you connect to Dynatrace:
- For Dynatrace SaaS:
https://<your-environment-id>.live.dynatrace.com/api/v1/deployment/installer/agent/unix/default/latest?arch=x86&flavor=default&Api-Token=<paas_token> - For ActiveGate:
https://<your-active-gate-ip-or-hostname>:9999/e/<your-environment-id>/api/v1/deployment/installer/agent/unix/default/latest?arch=x86&flavor=default&Api-Token=<paas_token>
If you connect via an ActiveGate, you can skip the certificate check by adding the ONEAGENT_INSTALLER_SKIP_CERT_CHECK key with the value true.
8. Optional Add OneAgent installer parameters.
While still in Environment variables, you can customize your OneAgent installation by adding several OneAgent installer parameters in the command text box. Make sure to separate each parameter by a space. For example, --set-monitoring-mode=infra-only --set-app-log-content-access=false --set-network-zone=<your.network.zone>.
Set the --set-network-zone=<your.network.zone> parameter if you want to configure network zones. See network zones for more information.
9. Scroll down to Storage > Volume - 1 and set Source path to /
10. Go to Container mount points, select Add mount point and enter the following values:
* **Container**: `oneagent`
* **Source volume**: `oneagent`
* **Container path**: `/mnt/root`
- Select Create to save your task definition.
- In the Task definitions menu, select the newly created OneAgent task and then select Deploy > Create service. This will create a service to run your task.
- In Compute configuration, select Launch type and for Launch type select
EC2. -
In Deployment configuration, perform the following actions:
- Service name: Name the service.
- Service type: Select
Daemon.
Leave the rest of the settings set as they are by default. Follow the remaining steps until you reach and select Create.
Once the service is created, the associated tasks will be executed. The
oneagentservice creates a task to deploy OneAgent on each container instance of your cluster.You can see the container instances displayed on the ECS cluster dashboard, and the corresponding hosts in your Dynatrace monitoring environment.
15. After deploying OneAgent, restart the running application tasks to get service-level visibility.
Security implications¶
See Docker security implications for details.
Limitations¶
See Docker limitations for details.
Monitoring consumption¶
For Elastic Container Service, monitoring consumption is based on host units. See Application and Infrastructure Monitoring (Host Units) for details.
Related topics¶
Source: k8s-dns-logs.md¶
title: Ingest Kubernetes DNS logs from AWS source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-eks/k8s-dns-logs scraped: 2026-02-18T05:51:08.332479
Ingest Kubernetes DNS logs from AWS¶
Ingest Kubernetes DNS logs from AWS¶
- How-to guide
- 5-min read
- Published Mar 18, 2024
This page describes how to ingest Kubernetes-related DNS logs from AWS to Dynatrace with containers running in an Amazon Elastic Kubernetes Service (EKS) Cluster.
Kubernetes and domain name resolution¶
In EKS, service discovery and domain name resolution are both done via the CoreDNS add-on, which is a flexible, extensible DNS server that can serve as the Kubernetes cluster DNS.
When you launch an Amazon EKS cluster with at least one node, two replicas of the CoreDNS image are deployed by default, regardless of the number of nodes deployed in your cluster.
Read more about working with the CoreDNS Amazon EKS add-on.
CoreDNS¶
When a pod in an EKS cluster tries to resolve the domain name www.dynatrace.com, the request is first sent to the CoreDNS service. CoreDNS keeps a local registry of the registered services in the EKS cluster and a DNS cache, to provide faster responses to incoming DNS queries.
CoreDNS does not log DNS queries by default.
To enable DNS query logging in Kubernetes, you need to enable the log plugin in the CoreDNS configuration.
- Open your Kubernetes management console to view your existing CoreDNS
ConfigMap, which includes the currentCorefile. CoreDNS service is running under thekube-systemnamespace:
Corefile from the response to the respective coredns-config.yml section. The default Kubernetes ConfigMap looks something like this:
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
data:
Corefile: |
.:53 {
errors
health
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
fallthrough in-addr.arpa ip6.arpa
}
prometheus :9153
forward . /etc/resolv.conf
cache 30
loop
reload
loadbalance
}
Corefile in your coredns-config.yml file. Output when using the default ConfigMap should be similar to this:
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns
namespace: kube-system
data:
Corefile: |
.:53 {
log
errors
health
kubernetes cluster.local in-addr.arpa ip6.arpa {
pods insecure
fallthrough in-addr.arpa ip6.arpa
}
prometheus :9153
forward . /etc/resolv.conf
cache 30
loop
reload
loadbalance
}
coredns-config.yml to your CoreDNS service in Kubernetes with the following command:
As a result, the DNS query logs can now be seen in the CoreDNS pods' logs, which can now be either forwarded to Dynatrace or viewed in the AWS CloudShell environment with the command:
Route53¶
If CoreDNS doesnât have an answer for www.dynatrace.com in the registry, the DNS query is forwarded to the DNS server of the cluster Node. Usually, this is the AWS Route53 service, which is the default recursive DNS server in AWS.
Like CoreDNS, Route53 does not log DNS queries by default.
To configure Route53 to log DNS queries
- Open your AWS Management Console and go to the Route53 Dashboard page.
- From the left menu, go to Resolver > Query logging and select Configure query logging.
- Select CloudWatch Logs log group as your destination and choose a log group as the destination log group for your query logs.
- Add the VPCs that you want the queries to be logged for (for example, the VPC where your EKS nodes reside).
- Select Configure query logging to save your settings.
Read more about configuring logging for DNS queries.
DNS log content in EKS¶
Let's go through why you need both CoreDNS logs and Route53 logs with some log content.
- In CoreDNS, the query logs are stored in the following format by default:
172.31.47.132:40395 - 23683 "A IN www.dynatrace.com. udp 35 false 512" NOERROR qr,rd,ra 278 0.002157881s
The log record contains:
- the source IP address and port
- an ID of the request
- request type and class
- query itself
- some other details about the response, such as the response code, flags, and the size of the response
The fields can be configured to some extent.
Read more about the CoreDNS custom log format. * Route53 logs are stored in the following JSON structure:
{
"version":"1.100000","account_id":"<id>","region":"us-east-1","vpc_id":"vpc-<id>",
"query_timestamp":"2023-11-20T21:20:29Z","query_name":"www.dynatrace.com.","query_type":"A",
"query_class":"IN","rcode":"NOERROR","answers":[{"Rdata":"52.3.5.163","Type":"A","Class":"IN"}],
"srcaddr":"172.31.73.143","srcport":"51217","transport":"UDP","srcids":{"instance":"i-<id>"}
}
From the example above, we can see that Route53 logs contain far more details about the DNS query, including detailed content of the response data, which is needed for threat hunting. Note that we donât have the pods' IP address in Route53 logs: we can only see that an EKS Node has tried to resolve this host. Therefore, if you want to pinpoint the exact pod that's creating malicious DNS traffic, Route53 logs would not be enough.
In CoreDNS logs we can find information about the request origin (pods' IP and source port), but the logs don't contain any information about the response payload.
To find an infected process that is getting its commands from an external server via DNS responses, threat hunting is required. To perform it precisely, we need to analyze both of those logs and correlate them as needed.
Stream logs to Dynatrace¶
The easiest way to ingest logs into Dynatrace is via Amazon Data Firehose integration.
To configure it in AWS CloudShell, perform the following actions:
# setting the environment in CLI
TARGET_URL=<your_environment_URL>
TARGET_API_TOKEN=dt0c01.*****
STACK_NAME=dynatrace-log-delivery-stream
wget -O dynatrace-firehose-log-stream.yaml https://assets.cloud.dynatrace.com/awslogstreaming/dynatrace-firehose-log-stream.yaml
aws cloudformation deploy --capabilities CAPABILITY_NAMED_IAM --template-file ./dynatrace-firehose-log-stream.yaml --stack-name $STACK_NAME --parameter-overrides DtApiUrl=$DYNATRACE_API_URL DtApiToken=$DYNATRACE_API_KEY
To configure CloudWatch Logs log groups to be forwarded to Dynatrace, use the following command, both for the EKS clusters' CloudWatch Logs log group and for the log group youâre storing the Route53 logs.
wget -O dynatrace-firehose-logs.sh https://assets.cloud.dynatrace.com/awslogstreaming/dynatrace-firehose-logs.sh && chmod +x dynatrace-firehose-logs.sh
./dynatrace-firehose-logs.sh subscribe --log-groups <log-group-name> --stack-name $STACK_NAME
To see your CloudWatch Logs log group in Dynatrace, use the following DQL script in your tenant.
Source: aws-eks.md¶
title: Amazon EKS (Elastic Kubernetes Service) source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-eks scraped: 2026-02-17T05:11:54.499205
Amazon EKS (Elastic Kubernetes Service)¶
Amazon EKS (Elastic Kubernetes Service)¶
- How-to guide
- 1-min read
- Published May 04, 2020
Dynatrace OneAgent provides extensive monitoring of Elastic Kubernetes Service pods, nodes, and clusters. The OneAgent deployment process is consistent with other distributions. For more information, see What is Amazon EKS?.
For Amazon Elastic Kubernetes Service, monitoring consumption is based on host units. See Application and Infrastructure Monitoring (Host Units) for details.
Integration¶
Source: aws-fargate.md¶
title: Monitor AWS Fargate source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-fargate scraped: 2026-02-18T05:39:36.753333
Monitor AWS Fargate¶
Monitor AWS Fargate¶
- How-to guide
- 1-min read
- Updated on Oct 14, 2025
To deploy OneAgent on AWS Fargate, read the instructions provided below.
Prerequisites¶
-
Create an API token in your Dynatrace environment and enable the following permissions:
-
Access problem and event feed, metrics, and topology (API v1)
- PaaS integration - Installer download
- Review the list of supported applications and versions.
Integrate OneAgent into your application image¶
There are three ways to integrate OneAgent with AWS Fargate applications.
Automatic injection EKS¶
With automatic injection you can manage upgrades and lifecycle.
Kubernetes version 1.20+
On AWS Fargate, only the applicationMonitoring deployment without the CSI driver is supported.
Before you start installation, make sure you have a running AWS Fargate cluster. For details, see Getting started with AWS Fargate using Amazon EKS.
- Add a Fargate profile to define the Dynatrace Operator deployment.
Be sure it matches the dynatrace namespace where Dynatrace Operator will be deployed.
2. Create a dynatrace namespace.
kubectl apply -f https://github.com/Dynatrace/dynatrace-operator/releases/download/v1.8.1/kubernetes.yaml
Be sure to replace <API_TOKEN> with your own value.
Build-time injection EKS and ECS¶
With build-time injection you can embed OneAgent into your container image.
Docker multi-stage image builds
Classic integration
To use this option you need:
- Docker version 17.05+
-
OneAgent version 1.155+
-
Sign in to Docker with your Dynatrace environment ID as username and PaaS token as password.
-
Replace
<your-environment-url>with the URL or IP address of your environment or of your ActiveGate. -
Dynatrace SaaS {your-environment-id}.live.dynatrace.com1
-
Dynatrace Managed {your-domain}/e/{your-environment-id}1
1
If you use your own environment ActiveGate, use the
<ip-address>:9999or<hostname>:9999format. * Add two additional lines of code to the application image, after the lastFROMcommand:
COPY --from=<your-environment-url>/linux/oneagent-codemodules:<technology> / /
ENV LD_PRELOAD /opt/dynatrace/oneagent/agent/lib64/liboneagentproc.so
- Replace
<technology>with the code module required for your application. Valid options areall,java,apache,nginx,nodejs,dotnet,php,python,sdk, andgo. You can specify several code modules, separated by hyphen (-), for examplejava-go. Including specific technology-support options, rather than support for all technology options, results in a smaller OneAgent package.
What if my Docker image is based on Alpine Linux?
Dynatrace OneAgent supports Alpine Linux based environments. Use this syntax:
COPY --from=<your-activegate>/linux/oneagent-codemodules-musl:<technology> / /
ENV LD_PRELOAD /opt/dynatrace/oneagent/agent/lib64/liboneagentproc.so
Valid options here are all, go, java, apache, nginx, nodejs, and python.
- Build your application image.
Build the Docker image from your dockerfile to use it in your Kubernetes environment:
You can monitor your application containers with a different Dynatrace environment. To do this, read the instructions below:
For OneAgent version 1.139+, if you have an existing application image where you've already added the OneAgent code modules for a specific Dynatrace environment, you can have the OneAgent report to another Dynatrace environment without rebuilding your application image.
For this you need to make a call to the REST endpoint of your second Dynatrace environment. Make sure to adapt the respective placeholders <your-environment-id> and <your-paas-token>.
curl "https://<your-environment-id>.live.dynatrace.com/api/v1/deployment/installer/agent/connectioninfo?Api-Token=<your-paas-token>"
In return, you get a JSON object that covers the required information that needs to be passed as an environment variable to the application container. Make sure you set the environment variables of the application container as described below:
DT_TENANT: equalstenantUUIDDT_TENANTTOKEN: equalstenantTokenDT_CONNECTION_POINT: semi-colon separated list ofcommunicationEndpoints
To utilize distroless images (stripped-down versions of regular Docker images containing the only essentials required to run an application), OneAgent needs to be called in an executable form using the command instruction CMD, instead of ENTRYPOINT.
-
Set the following environment variables.
-
DT_API_URL="https://<your-environment-id>.live.dynatrace.com/api" DT_API_TOKEN="<your-paas-token>"ARCH="<x86|arm>"DT_ONEAGENT_OPTIONS="flavor=default&include=<technology1>&include=<technology2>"DT_HOME="/opt/dynatrace/oneagent"
Environment variables need to be set:
- In your current Dockerfile, to integrate OneAgent and activate instrumentation of your application.
Define variables with optional default values using
ARGinstructions. The code block below provides a template to set these environment variables. - In the runtime injection container.
ARG DT_API_URL="https://<your-environment-id>.live.dynatrace.com/api"
ARG DT_API_TOKEN="<your-paas-token>"
ARG ARCH="<x86|arm>"
ARG DT_ONEAGENT_OPTIONS="flavor=default&include=<technology1>&include=<technology2>"
ENV DT_HOME="/opt/dynatrace/oneagent"
RUN mkdir -p "$DT_HOME" && \
wget -O "$DT_HOME/oneagent.zip" "$DT_API_URL/v1/deployment/installer/agent/unix/paas/latest?arch=$ARCH&Api-Token=$DT_API_TOKEN&$DT_ONEAGENT_OPTIONS" && \
unzip -d "$DT_HOME" "$DT_HOME/oneagent.zip" && \
rm "$DT_HOME/oneagent.zip"
ENTRYPOINT [ "/opt/dynatrace/oneagent/dynatrace-agent64.sh" ]
CMD [ "executable", "param1", "param2" ] # the command of your application, for example, Java
- The commands above that use
wgetandunzipmight fail if they aren't provided by the base image. - Replace
<your-paas-token>with your PaaS token. -
DT_ONEAGENT_OPTIONS- this is the flavor (valid options aredefaultormuslfor Alpine images) and the technology (code module).- Syntax for
defaultisflavor=default&include=all. - Syntax for
muslisflavor=musl&include=all.
- Syntax for
What if my Docker image is based on Alpine Linux?
Dynatrace OneAgent supports the flavor musl for Alpine Linux based environments. Valid options for flavor=musl are all, go, java, apache, nginx, and nodejs.
2. Build your application image.
Build the Docker image from your dockerfile to use it in your Kubernetes environment:
You can monitor your application containers with a different Dynatrace environment. To do this, read the instructions below:
For OneAgent version 1.139+, if you have an existing application image where you've already added the OneAgent code modules for a specific Dynatrace environment, you can have the OneAgent report to another Dynatrace environment without rebuilding your application image.
For this you need to make a call to the REST endpoint of your second Dynatrace environment. Make sure to adapt the respective placeholders <your-environment-id> and <your-paas-token>.
curl "https://<your-environment-id>.live.dynatrace.com/api/v1/deployment/installer/agent/connectioninfo?Api-Token=<your-paas-token>"
In return, you get a JSON object that covers the required information that needs to be passed as an environment variable to the application container. Make sure you set the environment variables of the application container as described below:
DT_TENANT: equalstenantUUIDDT_TENANTTOKEN: equalstenantTokenDT_CONNECTION_POINT: semi-colon separated list ofcommunicationEndpoints
Runtime injection ECS¶
With runtime injection you can pull OneAgent when the container starts. To install Dynatrace OneAgent at runtime, you must deploy your application using a task with two container definitions. One is for downloading and unzipping the OneAgent to a shared volume, the other is your application container, which must mount the same volume.
For the runtime injection, follow the steps below.
- Go to Fargate Task Definition > Create New Task Definition and select AWS Fargate in the Infrastructure requirements > Launch type section.
- Name the task, optionally set roles and sizes, and then scroll down to Storage - optional > Volumes and select Add volume. Add a volume of type
Bind Mountnamedoneagent.
You must create a volume before creating container definitions in order to set the shared volume in each container. 3. Scroll to the bottom of Container - 1 and select Add container.
-
In the Container details subsection:
- Add a container named
install-oneagent - Set the image to Alpine version 3.8+ ("alpine:3")
- select No in the Essential container field
-
In the Resource allocation limits - conditional subsection:
-
Select the CPU and memory limits.
- Add a container named
There are two types of memory limits: soft and hard. ECS requires that you define the limit for at least one type of memory. We recommend using the default setting (soft limit of 128 MiBs), as it's less restrictive, but you can adjust it as needed. 4. In the Docker configuration - optional subsection:
- In the Entry point field, enter
/bin/sh,-c. - In the Command field, enter
ARCHIVE=$(mktemp) && wget -O $ARCHIVE "$DT_API_URL/v1/deployment/installer/agent/unix/paas/latest?arch=$ARCH&Api-Token=$DT_PAAS_TOKEN&$DT_ONEAGENT_OPTIONS" && unzip -o -d /opt/dynatrace/oneagent $ARCHIVE && rm -f $ARCHIVE. -
In the Environment variables subsection, define:
-
DT_API_URL- this is the API URL for your Dynatrace environment.- For SaaS:
https://<your-environment-id>.live.dynatrace.com/api - For Managed:
https://<cluster>/e/<your-environment-id>/api - For ActiveGate:
https://<your-active-gate-IP-or-hostname>:9999/e/<your-environment-id>/api. -
DT_ONEAGENT_OPTIONS- this is the flavor (valid options aredefaultormuslfor Alpine images) and the technology (code module). -
Syntax for
defaultisflavor=default&include=all. - Syntax for
muslisflavor=musl&include=all. DT_PAAS_TOKEN- this is your PaaS token to download the OneAgent code modules.-
ARCH- CPU architecture. -
for x86_64:
x86 - for arm64:
arm
Automatic architecture detection
Use the following script to detect the CPU architecture on Linux.
6. Choose Add container again, this time to define your application, and complete the fields in the Standard subsection according to your application requirements. 7. Scroll to Environment, and in Environment variable, defineARCH=$(uname -p); export ARCH; if [ "$ARCH" = "arm" ] || [ "$ARCH" = "arm64" ] || [ "$ARCH" = "aarch64" ]; then export ARCH="arm"; else export ARCH="x86"; fiLD_PRELOADwith the value/opt/dynatrace/oneagent/agent/lib64/liboneagentproc.so. 8. Scroll to Startup Dependency Ordering and enter the container nameinstall-oneagentand the conditionComplete. 9. Scroll to the Storage - optional section. - For SaaS:
-
Create a new volume and name it
oneagent -
Create a mount point:
- Select Add mount point
- Select
install-oneagentin the Container field - Select
oneagentin the Source volume field - Set
/opt/dynatrace/oneagentin the Container path - Select Create at the bottom of the screen to create your task definition and deploy it on your ECS cluster.
Check the Logs tab
- For the
install-oneagentcontainer, you can see the code modules' ZIP file being downloaded by wget and being unzipped. - For your application workload container, you can see the code module being loaded by the process.
In Dynatrace, your Fargate application workload container will show up in the Hosts section. The instrumented process will show up in Processes as a typical Docker container.

The runtime approach requires Fargate version 1.3+. For earlier versions, select the build-time approach.
Configure network zones Optional¶
You can configure network zones as an environment variable:
DT_NETWORK_ZONE: equalsyour.network.zone
See network zones for more information.
Monitoring consumption¶
For AWS Fargate, monitoring consumption is based on host units. To learn how host units are calculated for Dynatrace application and infrastructure monitoring, see Application and Infrastructure Monitoring (Host Units).
Troubleshoot¶
Related topics¶
Source: deploy-oneagent-on-lambda-container-images.md¶
title: Integrate Dynatrace Lambda Layer on container images source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension/deploy-oneagent-on-lambda-container-images scraped: 2026-02-18T05:55:36.574782
Integrate Dynatrace Lambda Layer on container images¶
Integrate Dynatrace Lambda Layer on container images¶
- How-to guide
- 4-min read
- Updated on Jan 22, 2026
As an addition to Lambda function deployment as a ZIP file, AWS Lambda offers Lambda function deployment as container images.
The container image must include the files and configuration required to run the function code. The same applies to the files and configuration of Dynatrace AWS Lambda Layer, once monitoring is enabled for the containerized Lambda function.
In a ZIP file function deployment, the Dynatrace artifacts are attached to the function with an AWS Lambda extension (which is a Lambda layer with an extension-specific folder layout).
A Lambda layer, like a function bundle, is a ZIP file extracted at function cold start time to the /opt folder of the AWS Lambda function instance.
See below for how to enable Dynatrace monitoring for a containerized Lambda function.
[
Configuration](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension/deploy-oneagent-on-lambda-container-images#configuration "Deploy Dynatrace Lambda Layers when deployed via a container image.")[
Copy the Lambda layer configuration snippet](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension/deploy-oneagent-on-lambda-container-images#copy-layer-snippet "Deploy Dynatrace Lambda Layers when deployed via a container image.")[
Add Dynatrace AWS Lambda extension to the container image](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension/deploy-oneagent-on-lambda-container-images#add-oneagent-extension "Deploy Dynatrace Lambda Layers when deployed via a container image.")
Step 1 Configuration¶
- Go to Trace Python, Node.js, and Java Lambda functions and follow the Configure with environment variables instructions.
- Open the projects
Dockerfilein an editor and copy the environment variables from the deployment screen. Each line must be prefixed withENVand spaces around the equal signs must be removed.
ENV AWS_LAMBDA_EXEC_WRAPPER=/opt/dynatrace
ENV DT_TENANT=abcd1234
ENV DT_CLUSTER_ID=1234567890
ENV DT_CONNECTION_BASE_URL=https://abcd1234.live.dynatrace.com
ENV DT_CONNECTION_AUTH_TOKEN=dt0a01...
Step 2 Copy the Lambda layer configuration snippet¶
- In Dynatrace Hub, select AWS Lambda.
-
Select Set up.
-
On the Enable Monitoring for AWS Lambda Functions, copy the Lambda layer configuration snippet.
Step 3 Add OneAgent extension to the container image¶
- To download the contents of the Dynatrace AWS Lambda extension to the local file system, use the following code sample for dt-awslayertool or AWS CLI.
Via dt-awslayertool
Via AWS CLI
To use the following code sample, substitute <YOUR_LAMBDA_LAYER_ARN_SNIPPET> with the copied Lambda layer snippet.
Example command
The following example command downloads the layer arn:aws:lambda:us-east-1:725887861453:layer:Dynatrace_OneAgent_1_207_6_20201127-103507_nodejs:1 and extracts its contents to the local folder DynatraceOneAgentExtension.
dt-awslayertool pull arn:aws:lambda:us-east-1:725887861453:layer:Dynatrace_OneAgent_1_207_6_20201127-103507_nodejs:1 --extract DynatraceOneAgentExtension
To learn more about dt-awslayertool, see Github.
To use the following code sample, substitute <YOUR_LAMBDA_LAYER_ARN_SNIPPET> with the copied Lambda layer snippet and <YOUR_LAMBDA_LAYER_REGION> with the Lambda layer region provided in the snippet.
curl $(aws --region <YOUR_LAMBDA_LAYER_REGION> lambda get-layer-version-by-arn --arn <YOUR_LAMBDA_LAYER_ARN_SNIPPET> --query 'Content.Location' --output text) --output layer.zip
unzip -d DynatraceOneAgentExtension layer.zip
Example command
The following code example downloads and extracts the content of arn:aws:lambda:us-east-1:725887861453:layer:Dynatrace_OneAgent_1_207_6_20201127-103507_nodejs:1 to the local folder DynatraceOneAgentExtension.
curl $(aws --region us-east-1 lambda get-layer-version-by-arn --arn arn:aws:lambda:us-east-1:725887861453:layer:Dynatrace_OneAgent_1_207_6_20201127-103507_nodejs:1 --query 'Content.Location' --output text) --output layer.zip
unzip -d DynatraceOneAgentExtension layer.zip
To learn more about AWS CLI, see AWS documentation.
2. To copy the downloaded extension content into the container image and ensure that the shell script file /opt/dynatrace is executable, use the following Dockerfile commands.
Sample Dockerfile with Dynatrace AWS Lambda extension enabled¶
This sample project creates a containerized Node.js Lambda function.
The project folder has the following files and folders:
containerized-lambda-sample
âââ Dockerfile
âââ DynatraceOneAgentExtension
âââ index.js
The content of the Dynatrace AWS Lambda Layer is assumed to be downloaded and extracted (as outlined above) to the folder DynatraceOneAgentExtension.
The handler function is exported by the index.js file:
The Dockerfile with the modifications applied to integrate Dynatrace AWS Lambda extension to the containerized function:
FROM public.ecr.aws/lambda/nodejs:18
COPY index.js ${LAMBDA_TASK_ROOT}
# --- Begin of enable Dynatrace OneAgent monitoring section
# environment variables copied from Dynatrace AWS Lambda deployment screen
# (prefix with ENV and remove spaces around equal signs)
ENV AWS_LAMBDA_EXEC_WRAPPER=/opt/dynatrace
ENV DT_TENANT=abcd1234
ENV DT_CLUSTER_ID=1234567890
ENV DT_CONNECTION_BASE_URL=https://abcd1234.live.dynatrace.com
ENV DT_CONNECTION_AUTH_TOKEN=dt0a01...
# copy Dynatrace OneAgent extension download and extracted to local disk into container image
COPY DynatraceOneAgentExtension/ /opt/
# make /opt/dynatrace shell script executable
RUN chmod +x /opt/dynatrace
# --- End of enable Dynatrace OneAgent monitoring section
CMD [ "index.handler" ]
Limitations¶
Monitoring via Dynatrace AWS Lambda extension on container images is supported only for images created from an AWS base image for Lambda and only for the runtimes that we support for non-containerized functions.
Additional resources¶
For more information on the Lambda container images, see:
- Creating Lambda container images
- Working with Lambda layers and extensions in container images
Source: troubleshoot-lambda.md¶
title: Validate integration source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension/troubleshoot-lambda scraped: 2026-02-17T21:32:46.326500
Validate integration¶
Validate integration¶
- Troubleshooting
- 1-min read
- Published Aug 30, 2021
This topic is about the classic AWS Lambda integration. Check out Trace Lambda functions for the latest experience.
To address the issues regarding Dynatrace AWS Lambda extension integration, start with the logs and error messages.
Logs¶
To get extensive log output on Lambda, add the variables below.
- For Node.js
DT_LOGGING_DESTINATION: stdout
DT_LOGGING_JAVA_FLAGS: log-Transformer=true,log-OpenTelemetryUtils=true,log-AsyncClassRetransformer=true,log-ClassValue=true
logOpenTelemetryUtils=true is required for use-inmemory-exporter (for debugging span-related problems).
Error messages¶
- WARNING [â¦] Unexpectedly got HTTP response with Content-Length (...)
This error message is displayed if you don't have port 9999 enabled for your ActiveGate. Go to AWS PrivateLink and VPC endpoints and set up a VPC that allows outbound communication on port 9999 to the ActiveGate endpoint.
OpenTelemetry interoperability¶
Python¶
OneAgent will not enable OpenTelemetry interoperability when it detects that the installed OpenTelemetry API version is incompatible. In this case, a line similar to the following is logged:
[Dynatrace] 2022-07-27 08:55:01.852 UTC [9-dfaf4836] INFO [dynatrace.inject.agent] opentelemetry-api version (1.10.0) is not compatible with Dynatrace SDK (1.9.1).
It is possible to override the compatibility check via configuration. For instance, when you configure OneAgent using the environment variables, add:
DT_OPEN_TELEMETRY_OVERRIDE_MAX_API_VERSION=1.11.1
to allow OpenTelemetry APIs up to version 1.11.1.
Overriding the version compatibility check might result in runtime errors and should be used with caution. You should verify if these errors still occur if an officially supported version of the OpenTelemetry API is used or when temporarily disabling the OpenTelemetry interoperability. If this resolves the problem, please use the older OpenTelemetry API until the newer version is officially supported.
Source: aws-lambda-extension.md¶
title: Trace Python, Node.js, and Java Lambda functions source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension scraped: 2026-02-17T21:28:50.377928
Trace Python, Node.js, and Java Lambda functions¶
Trace Python, Node.js, and Java Lambda functions¶
- How-to guide
- 14-min read
- Updated on Jan 23, 2026
This page refers to the classic AWS Lambda integration. For the latest version, see Trace Lambda functions.
Dynatrace provides you with a dedicated AWS Lambda layer that contains the Dynatrace extension for AWS Lambda. You need to add the publicly available layer for your runtime and region to your function. Then, based on your configuration method, Dynatrace provides a template or configuration for your AWS Lambda function.
Incoming invocations¶
Dynatrace can monitor incoming invocations only if they are invoked via:
- AWS SDK Lambda Invoke API
- API gateway
- Lambda function URL
- AWS SQS
- AWS SNS
For other invocation types, OneAgent can't capture any specific information or connect the trace to any parent. Invocations via the AWS SDK require the client to be instrumented with Dynatrace to connect the trace.
Prerequisites¶
- A supported AWS Lambda runtime. The Dynatrace extension supports AWS Lambda functions written in Node.js, Python, or Java. Both 64-bit ARM (AWS Graviton2 processors) and 64-bit x86 architectures are supported.
-
Java The following RAM requirements need to be met:
-
If Lambda SnapStart is enabled and OneAgent version is 1.267+, memory needs to be set to a minimum of 512 MB.
- If Lambda SnapStart is not enabled and OneAgent version is 1.265 or earlier, memory needs to be set to a minimum of 1,500 MB. To configure memory in the AWS Lambda console, go to General > Basic settings and set Memory.
A new configuration of the memory size affects the amount of virtual CPU available to the function; to learn more about it, see Monitoring overhead below.
- Note that the RAM requirements for Node.js and Python Lambda functions might be significantly lower. The compute power in AWS Lambda scales with the allocated memory, and with low memory settings the function execution time becomes much slower.
- Activate the Forward Tag 4 trace context extension OneAgent feature. Go to Settings > Preferences > OneAgent features.
[
Enable AWS Lambda](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension#activate-aws-lambda "Monitor Lambda functions written in Python, Node.js, and Java.")[
Choose a configuration method](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension#lambda-cfg-method "Monitor Lambda functions written in Python, Node.js, and Java.")[
Specify a Dynatrace API endpoint](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension#lambda-cfg-endpoint "Monitor Lambda functions written in Python, Node.js, and Java.")[
Enable Real User Monitoring](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension#lambda-cfg-rum "Monitor Lambda functions written in Python, Node.js, and Java.")[
Define an AWS layer name](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension#lambda-cfg-layer "Monitor Lambda functions written in Python, Node.js, and Java.")[
Deployment](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension#deployment "Monitor Lambda functions written in Python, Node.js, and Java.")[
Configuration options](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension#config-options "Monitor Lambda functions written in Python, Node.js, and Java.")[
Dynatrace AWS integration](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-extension#aws-integration "Monitor Lambda functions written in Python, Node.js, and Java.")
Step 1 Enable AWS Lambda¶
To get started
- In Dynatrace Hub, select AWS Lambda.
-
Select Set up.
-
Follow the instructions to enable monitoring of AWS Lambda functions.
Step 2 Choose a configuration method¶
Dynatrace OneAgent is distributed as a Lambda layer that can be enabled and configured manually or using well-known Infrastructure as Code (IaC) solutions.
The Lambda layer is stored in the Dynatrace AWS account 725887861453.
On the Enable Monitoring for AWS Lambda Functions page, use the How will you configure your AWS Lambda functions? list to select your preferred method, and then make sure you set all properties for the selected method before copying the generated configuration snippets.
Configure with JSON file
If you select this method, Dynatrace provides you with:
- An environment variable to add to your AWS Lambda function
- A JSON snippet that you need to copy into the
dtconfig.jsonfile in the root folder of your Lambda deployment - Lambda layer ARN
When using this method, make sure that you add the Dynatrace Lambda layer to your function. You can do this through the AWS console (Add layer > Specify an ARN and paste the ARN displayed on the deployment page) or by using an automated solution of your choice.
Enter environment variables via the AWS Console

Enter the Lambda layer ARN via the AWS Console

Configure with environment variables
When using this method, make sure that you add the Dynatrace Lambda layer to your function. The layer, as well as the environment variables, can be set either manually through the AWS console (Add layer > Specify an ARN and paste the ARN displayed on the deployment page) or by using an automated solution of your choice.
Client-side decryption of environment variables (Security in Transit) is not supported.
If you select this method, Dynatrace provides you with:
- Values to define environment variables for the AWS Lambda functions that you want to monitor
* Lambda layer ARN

Configure and deploy using Terraform
Terraform is a popular Infrastructure as Code (IaC) solution. If you select this method, Dynatrace provides you with:
- A template to define the AWS Lambda function. This includes all the configuration that you need to deploy and configure the Dynatrace AWS Lambda extension together with your functions.
- Lambda layer ARN
Configure and deploy using AWS SAM
The AWS Serverless Application Model (SAM) is an open-source framework for building serverless applications.
If you select this method, Dynatrace provides you with a template to define the AWS Lambda function. This includes all the configuration that you need to integrate the Dynatrace AWS Lambda extension.
Configure and deploy using the serverless framework
The Serverless Application option is a framework for deploying serverless stacks.
If you select this method, Dynatrace provides you with a template to define the AWS Lambda function. This includes all the configuration that you need to integrate the Dynatrace AWS Lambda extension.
Configure and deploy using AWS CloudFormation
AWS CloudFormation is an IaC solution that enables provisioning of a wide range of AWS services.
If you select this method, Dynatrace provides you with a template to define the AWS Lambda function. This includes all the configuration that you need to integrate the Dynatrace AWS Lambda extension.
Step 3 optional Specify a Dynatrace API endpoint Optional¶
This is an optional step that enables you to specify a Dynatrace API endpoint to which monitoring data will be sent.
The typical scenario is to deploy a Dynatrace ActiveGate in close proximity (the same region) to the Lambda functions that you want to monitor in order to reduce network latency, which can impact the execution and cold start time of your Lambda functions for, usually, one network request by OneAgent per Lambda invocation (which happens at the end of the invocation). See the Monitoring overhead section for typical overhead numbers.
Step 4 optional Enable Real User Monitoring Optional¶
This is an optional step to use Real User Monitoring (RUM), which provides you with deep insights into user actions and performance via the browser or in mobile apps.
Configure AWS¶
- Make sure the
x-dtcheader is allowed in the CORS settings of your monitored Lambda functions.
RUM for Lambda functions requires a specific header (x-dtc) to be sent with XHR calls to AWS. To enable it, the CORS settings of your AWS deployment must allow the x-dtc header during preflight (OPTIONS) requests. To configure CORS and allow the x-dtc header for your specific setup, see Enable CORS on a resource using the API Gateway console in AWS documentation.
Configure Dynatrace¶
To configure the x-dtc header for calls to your Lambda functions
- Go to Web, Mobile, Frontend, or Custom Applications, depending on your application type.
- Select the application you want to connect with your Lambda function.
- Select the browse menu (â¦) in the upper-right corner and select Edit.
- Select Capturing > Async web requests and SPAs.
- Make sure that your framework of choice is enabled. If your framework is not listed, enable Capture XmlHttpRequest (XHR) for generic support of
XHR. - Select Capturing > Advanced setup.
- Scroll down to the Enable Real User Monitoring for cross-origin XHR calls section and enter a pattern that matches the URL to your Lambda functions. Example:
TheAwsUniqueId.execute-api.us-east-1.amazonaws.com - Select Save. After a few minutes, the header will be attached to all calls to your Lambda function and requests from your browser will be linked to the backend.
Failed requests
If requests start failing after enabling this option, review your CORS settings. To learn how to configure CORS, see Enable CORS on a resource using the API Gateway console in AWS documentation.

Step 5 Define an AWS layer name¶
Select the AWS region and the runtime of the Lambda function to be monitored. These settings are required to provide the correct layer ARN.
Step 6 Deployment¶
Copy the configuration snippets into your deployment and use your deployment method of choice to enable the layer and set the configuration for your Lambda functions.
Step 7 Configuration options¶
Configure the AWS API Gateway¶
- If inbound (non-XHR) requests to your Lambda functions are not connected to the calling application, configure the API Gateway to pass through the Dynatrace tag. To do this, enable Use Lambda Proxy Integration on the Integration Request configuration page of the API Gateway.
- If the API Gateway is configured from the Lambda configuration page, this setting will be enabled by default. For more information, see Enable CORS on a resource using the API Gateway console.
AWS Lambda also supports non-proxy integration, whichâwithout some additional configurationâprevents Dynatrace from
- Tracing calls from other monitored applications
- RUM detection (web and mobile)
Node.jsPython To make tracing calls from other monitored applications/RUM detection work in this scenario, create a custom mapping template in the integration requests configuration.
- In the AWS API Gateway Console, go to Resources and select a request method (for example, GET).
- Select Mapping Templates and then select Add mapping template.
- Add the following content to the template:
{
"path": "$context.path",
"httpMethod": "$context.httpMethod",
"headers": {
#foreach($param in ["x-dynatrace", "traceparent", "tracestate", "x-dtc", "referer", "host", "x-forwarded-proto", "x-forwarded-for", "x-forwarded-port"])
"$param": "$util.escapeJavaScript($input.params().header.get($param))"
#if($foreach.hasNext),#end
#end },
"requestContext": {
"stage": "$context.stage"
}
}
The x-dtc header is specific to tracing RUM scenarios, whereas the remaining headers are generally needed to link traces together and extract relevant information, such as web request metadata.
4. Select Save to save your configuration.
5. Redeploy your API.
Fetch token from AWS Secrets Manager¶
OneAgent version 1.295+
Instead of specifying the authentication token explicitly in the configuration, you can configure OneAgent to fetch a token stored in AWS Secrets Manager.
Prerequisites
- Make sure you granted the
secretsmanager:GetSecretValuepermission for the authentication token secret ARN to the Lambda function monitored by OneAgent. For details, see Authentication and access control for AWS Secrets Manager in the AWS Secrets Manager documentation. -
Make sure the secret value contains only the plaintext authentication token value (without quotes). Note that
-
Secrets with JSON structure are not supported. For details, see Create an AWS Secrets Manager secret in the AWS Secrets Manager documentation.
- When you retrieve the secret value, Secrets Manager returns by default only the current secret version (
AWSCURRENTlabel). For details, see What's in a Secrets Manager secret? in the AWS Secrets Manager documentation.
To fetch the token for a tracing connection, set the token secret ARN either to the environment variable DT_CONNECTION_AUTH_TOKEN_SECRETS_MANAGER_ARN or the JSON property Connection.AuthTokenSecretsManagerArn.
This option always overrides DT_CONNECTION_AUTH_TOKEN (Connection.AuthToken). If the fetch fails, OneAgent won't be able to export trace data.
A fetch accesses AWS Secrets Manager only once, during the Lambda function's initialization phase; this causes an increase of the Lambda function's cold start duration.
The Node.js and Python layers use the AWS SDK version provided by the AWS Lambda runtime to access the secret.
To fetch the token for log collection, set another fetch.
Filter cold starts¶
One of the important metrics for Lambda is the frequency of cold starts. A cold start happens when a new instance of a Lambda function is invoked. Such cold starts take longer and add latency to your requests.
A high cold-start frequency can indicate errors or an uneven load pattern that can be mitigated using provisioned concurrency. Dynatrace reports such cold starts as a property on the distributed trace.
To analyze cold starts, select View all requests on the Lambda service details page.

In the request filter, select Function cold start in the Request property section.
This displays a page that you can filter by invocations containing Only cold start or No cold start.

Monitoring overhead¶
Enabling monitoring unavoidably induces overhead to the monitored function execution. Overhead depends on several factors, such as function runtime technology, configuration, and concrete function characteristics such as code size or execution duration and complexity.
The amount of memory configured for a function directly impacts the compute resources assigned to the function instance. For more details, see Memory and computing power.
The worst-case scenario on measured overhead is a function with an empty function handler and minimum memory configuration.
Cold start overhead¶
- For Python, cold start overhead is about 1,000 ms.
- For Node.js, cold start overhead is about 700 ms.
- For Java, cold start overhead may exceed 1,000 ms.
For the cold start benchmarking process, hello-world functions (only returning a response) were tested with 512 MB of allocated memory. It is important to note that the observed overhead may vary based on a few factors:
- Configured memory: A Lambda function is allocated CPU proportional to the memory configured which can influence its cold start performance. Functions with higher memory allocations typically exhibit faster initialization times due to the increased CPU allocation.
- Function implementation: The complexity of the actual function implementationâincluding external dependencies, initialization logic, and the runtime environmentâcan significantly impact the cold start duration.
- Runtime version: The specific runtime version or container image used can also influence cold start times.
When conducting performance evaluations, we recommend considering these factors, as they may affect the benchmarking results in real-world scenarios.
For the minimum memory configuration requirement, see Requirement for Java Lambda functions.
Response time latency¶
Latency depends on the function implementation, but is typically less than 10%. This means that the time it takes until the caller of a Lambda function receives a response might increase by 10% when the OneAgent layer is added, compared to when OneAgent is not active/present.
Code space overhead¶
The following table contains uncompressed layer sizes.
| Runtime | Code space (MB) | Code space with log collector included (MB) |
|---|---|---|
| Node.js | ~1MB | ~16MB |
| Python | ~3MB | ~18MB |
| Java | ~5MB | ~20MB |
Step 8 Dynatrace AWS integration¶
While not mandatory, we recommend that you set up Dynatrace Amazon CloudWatch integration. This allows data ingested via AWS integration to be seamlessly combined with the data collected by the Dynatrace AWS Lambda extension.

Known limitations¶
- The Dynatrace AWS Lambda extension does not support the capture of method-level request attributes.
- Most Dynatrace AWS Lambda extensions don't capture IP addresses of outgoing HTTP requests. This results in unmonitored hosts if the called service isn't monitored with Dynatrace.
- Getting auth token from AWS Secrets Manager is not supported if Lambda SnapStart is enabled.
-
Outgoing requests to another AWS Lambda function: In a monitored AWS Lambda function, the following libraries are supported for outgoing requests to another AWS Lambda function:
-
For Java: AWS SDK version 1 for Java
-
For Node.js: AWS SDK for JavaScript in Node.js:
- version 2
- version 3 (OneAgent version 1.263+)
- For Python: AWS SDK for Python (Boto3)
- Outgoing HTTP requests: In a monitored AWS Lambda function, the following libraries/HTTP clients are supported for outgoing HTTP requests:
-
For Java: Apache HTTP Client 3.x, 4.x
-
For Node.js:
- Built-in
http.request - Built-in
fetch API (OneAgent version 1.285+) - For Python:
requests,aiohttp-client,urllib3,redis-py(OneAgent version 1.289+) - Additional requirements for incoming calls for Java only: To correctly monitor the configured handler method
- Built-in
-
The configured handler class has to implement the handler method by itself. If the handler method is only defined in a base class, you have to add an override in the handler class, calling the base handler method within (usually
super.handleRequest(...)). - The handler method has to have a
Context(com.amazonaws.services.lambda.runtime.Context) parameter. - We recommend following best practice by deriving your Lambda handler class from com.amazonaws.services.lambda.runtime.RequestHandler overrriding
handleRequestand configuring that as handler method. However, as long as the previous requirements are fulfilled, OneAgent supports any valid handler function, even if not derived from that base interface. - The AWS Lambda events library must be used by your function as the types defined in the
com.amazonaws.services.lambda.runtime.eventspackage are used by OneAgent to match the corresponding invocation types for incoming calls. -
Node.js sensors and instrumentations for ES modules:
-
The Node.js AWS Lambda extension sensors (instrumentations) don't support ECMAScript modules. This means that the extension won't properly monitor outgoing calls (for example, HTTP or AWS SDK requests).
-
OpenTelemetry instrumentations don't support ECMAScript modules by default.
There is a way to make OpenTelemetry instrumentations work with ECMAScript modules, but it's experimental and has some limitations. For details, Instrumentation for ES Modules In NodeJS (experimental). * AWS Lambda Managed Instances deployment mode is not supported. This new hosting option allows deploying Lambda functions on AWS-managed EC2 instance clusters. The Dynatrace Lambda extension and code module layers currently do not support this deployment mode.
Related topics¶
Source: aws-lambda-otel-integration.md¶
title: Trace .NET Lambda functions source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-otel-integration scraped: 2026-02-17T04:56:07.098288
Trace .NET Lambda functions¶
Trace .NET Lambda functions¶
- How-to guide
- 9-min read
- Updated on Aug 24, 2023
Dynatrace uses OpenTelemetry to monitor AWS Lambda invocations.
Prerequisites¶
Ensure that you use a supported AWS Lambda runtime and that you have followed the initial configuration steps described in Monitor AWS Lambda with OpenTelemetry before using the packages below.
The following NuGet packages can be used to cover different aspects of AWS Lambda tracing:
- Recommended OpenTelemetry.Instrumentation.AWSLambda version 1.2.0-beta.1+âcontains methods to trace incoming AWS Lambda invocations, such as calls triggered by AWS SQS/SNS messages.
- Recommended OpenTelemetry.Instrumentation.AWS version 1.1.0-beta.1+âtraces outgoing AWS SDK calls to other AWS Lambda invocations and calls to AWS services, such as DynamoDB, SQS, and SNS.
- Required
Dynatrace.OpenTelemetry.Instrumentation.AwsLambdaâenables linking through outgoing AWS Lambda Invoke SDK calls from one Lambda to another. This is the only way to link these kinds of requests; however, if you don't need such linking or don't use the AWS Lambda client SDK to invoke or receive other Lambda invocations, you can replace the package withDynatrace.OpenTelemetry.
Installation¶
Any of the above-listed packages can be installed via the CLI. For example, Dynatrace.OpenTelemetry.Instrumentation.AwsLambda can be installed using the following command:
Some packages may require you to specify a version explicitly or use the --prerelease command line flag, such as
dotnet add package --prerelease OpenTelemetry.Instrumentation.AWSLambda.
Compatibility with OpenTelemetry and System.Diagnostics.DiagnosticSource versions¶
Periodically, we need to upgrade the minimum version of the OpenTelemetry NuGet package
our components depend on, and consequently, the minimum version of the System.Diagnostics.DiagnosticSource library.
This table lists the compatibility between Dynatrace.OpenTelemetry, OpenTelemetry, and System.Diagnostics.DiagnosticSource versions.
Dynatrace.OpenTelemetry version |
Minimum OpenTelemetry version |
Minimum System.Diagnostics.DiagnosticSource version |
|---|---|---|
| 1.273 and earlier | 1.1.0 | 5.0.1 |
| 1.275+ | 1.3.1 | 6.0.0 |
You don't usually need to worry about these dependencies as they're defined for you in our NuGet package. This
means that when you upgrade Dynatrace.OpenTelemetry, NuGet might implicitly upgrade your OpenTelemetry or
System.Diagnostics.DiagnosticSource version if you are currently on an earlier one.
Initialization¶
The initialization code for AWS Lambda tracing in your Function.cs file could look as follows (where Function is the configured Lambda handler class):
using System.Threading.Tasks;
using Amazon.Lambda.Core;
using Dynatrace.OpenTelemetry;
using Dynatrace.OpenTelemetry.Instrumentation.AwsLambda;
using OpenTelemetry;
using OpenTelemetry.Instrumentation.AWSLambda;
using OpenTelemetry.Trace;
[assembly: LambdaSerializer(typeof(Amazon.Lambda.Serialization.SystemTextJson.DefaultLambdaJsonSerializer))]
namespace Examples.AwsFunctionApp
{
public class Function
{
private static readonly TracerProvider TracerProvider;
static Function()
{
DynatraceSetup.InitializeLogging();
TracerProvider = Sdk.CreateTracerProviderBuilder()
.AddDynatrace()
// Configures AWS Lambda invocations tracing
.AddAWSLambdaConfigurations(c => c.DisableAwsXRayContextExtraction = true)
// Instrumentation for creation of span (Activity) representing AWS SDK call.
// Can be omitted if there are no outgoing AWS SDK calls to other AWS Lambdas and/or calls to AWS services like DynamoDB and SQS.
.AddAWSInstrumentation(c => c.SuppressDownstreamInstrumentation = true)
// Adds injection of Dynatrace-specific context information in certain SDK calls (e.g. Lambda Invoke).
// This is required if there are outgoing calls to other Lambdas or DynamoDB using AWS SDK clients.
.AddDynatraceAwsSdkInjection()
.Build();
}
}
}
- Setting the option
DisableAwsXRayContextExtractiontotrueis required to skip Amazon X-Ray parent extraction, which may conflict with the Dynatrace propagation. - If the option
SuppressDownstreamInstrumentationis set totrue, HTTP child nodes will not be shown under AWS SDK calls.
Tracing incoming AWS Lambda calls¶
Example 1: Trace an AWS Lambda invoked via AWS SDK¶
In addition to the initialization part provided above, the handler method of a Lambda invoked via AWS SDK could look as follows:
using System.Threading.Tasks;
using Amazon.Lambda.Core;
using Dynatrace.OpenTelemetry;
using Dynatrace.OpenTelemetry.Instrumentation.AwsLambda;
using OpenTelemetry;
using OpenTelemetry.Instrumentation.AWSLambda;
using OpenTelemetry.Trace;
[assembly: LambdaSerializer(typeof(Amazon.Lambda.Serialization.SystemTextJson.DefaultLambdaJsonSerializer))]
namespace Examples.AwsFunctionApp
{
public class Function
{
private static readonly TracerProvider TracerProvider;
// Use initialization code from the "Initialization" section of the docs
public Task FunctionHandlerAsync(object input, ILambdaContext context)
{
var propagationContext = AwsLambdaHelpers.ExtractPropagationContext(context);
return AWSLambdaWrapper.TraceAsync(TracerProvider, FunctionHandlerInternalAsync, input, context, propagationContext.ActivityContext);
}
private Task FunctionHandlerInternalAsync(object input, ILambdaContext context)
{
// This is just an example of function handler and should be replaced by actual code.
return Task.CompletedTask;
}
}
}
- A parent context is extracted explicitly using the
AwsLambdaHelpersclass from theDynatrace.OpenTelemetry.Instrumentation.AwsLambdapackage. - An activity tracing the incoming request and the handler is created by the
TraceAsyncmethod. TraceAsyncshould be used when you trace an async function or a function returning a task. That way, the activity ends only when the task completes.
Example 2: Trace an AWS Lambda invoked via Amazon API Gateway (incoming HTTP request)¶
In addition to the initialization part provided above, the Lambda handler invoked via Amazon API Gateway could look as follows:
using Amazon.Lambda.APIGatewayEvents;
using Amazon.Lambda.Core;
using Dynatrace.OpenTelemetry;
using Dynatrace.OpenTelemetry.Instrumentation.AwsLambda;
using OpenTelemetry;
using OpenTelemetry.Instrumentation.AWSLambda;
using OpenTelemetry.Trace;
[assembly: LambdaSerializer(typeof(Amazon.Lambda.Serialization.SystemTextJson.DefaultLambdaJsonSerializer))]
namespace Examples.AwsFunctionApp
{
public class Function
{
private static readonly TracerProvider TracerProvider;
// Use initialization code from the "Initialization" section of the docs
public APIGatewayHttpApiV2ProxyResponse FunctionHandler(APIGatewayHttpApiV2ProxyRequest request, ILambdaContext context)
{
return AWSLambdaWrapper.Trace(TracerProvider, FunctionHandlerInternal, request, context);
}
private APIGatewayHttpApiV2ProxyResponse FunctionHandlerInternal(APIGatewayHttpApiV2ProxyRequest request, ILambdaContext context)
{
// This is just an example of function handler and should be replaced by actual code.
return new APIGatewayHttpApiV2ProxyResponse
{
StatusCode = 200,
Body = "Example function result",
};
}
}
}
- A parent context is extracted from the incoming request in the
Trace(orTraceAsync) method. - An activity tracing the incoming request and the handler is created by the
Tracemethod. - In general, the
Trace/TraceAsyncmethods support any trigger, but extended support is available for theAPIGatewayProxyRequestandAPIGatewayHttpApiV2ProxyRequesttrigger types. For more details about request/response types, consult the GitHub documentation. Traceshould only be used when you have a function returning something other than aTask. For the asynchronous handler,TraceAsyncshould be used instead.
Example 3: Tracing without the AwsLambda package¶
If you prefer not to use the OpenTelemetry.Instrumentation.AWSLambda package, you can manually create an activity for Lambda. Note that this involves quite a bit of work, as Dynatrace requires certain activity tags (span attributes) to detect the service (conforming to the OpenTelemetry FaaS trace conventions
and resource conventions). You also need to manually extract the parent context.
For this example, only the Dynatrace.OpenTelemetry.Instrumentation.AwsLambda package is required.
using System;
using System.Collections.Generic;
using System.Diagnostics;
using System.Reflection;
using Amazon.Lambda.APIGatewayEvents;
using Amazon.Lambda.Core;
using Dynatrace.OpenTelemetry;
using Dynatrace.OpenTelemetry.Instrumentation.AwsLambda;
using OpenTelemetry;
using OpenTelemetry.Context.Propagation;
using OpenTelemetry.Trace;
[assembly: LambdaSerializer(typeof(Amazon.Lambda.Serialization.SystemTextJson.DefaultLambdaJsonSerializer))]
namespace Examples.AwsFunctionApp
{
public class Function
{
private static readonly TracerProvider TracerProvider;
private static readonly ActivitySource ActivitySource;
static Function()
{
DynatraceSetup.InitializeLogging();
var activitySourceName = Assembly.GetExecutingAssembly().GetName().Name;
ActivitySource = new ActivitySource(activitySourceName);
TracerProvider = Sdk.CreateTracerProviderBuilder()
.AddSource(activitySourceName)
.AddDynatrace()
.Build();
}
public static IEnumerable<KeyValuePair<string, object>> GetFunctionTags(ILambdaContext context, string trigger)
{
return new KeyValuePair<string, object>[]
{
new("faas.name", context.FunctionName),
new("faas.id", context.InvokedFunctionArn),
new("faas.trigger", trigger),
new("cloud.platform", "aws_lambda"),
new("cloud.provider", "aws"),
new("cloud.region", Environment.GetEnvironmentVariable("AWS_REGION")),
};
}
public APIGatewayProxyResponse FunctionHandler(APIGatewayHttpApiV2ProxyRequest apiGatewayProxyEvent, ILambdaContext context)
{
try
{
var parentContext = ExtractParentContext(apiGatewayProxyEvent, context);
using var activity = ActivitySource.StartActivity(ActivityKind.Server, parentContext, GetFunctionTags(context, "http"));
return new APIGatewayProxyResponse
{
StatusCode = 200,
Body = "Example function result",
};
}
catch (Exception ex)
{
context.Logger.LogLine($"Exception occurred while handling request: {ex.Message}");
throw;
}
finally
{
TracerProvider?.ForceFlush();
}
}
private static ActivityContext ExtractParentContext(APIGatewayHttpApiV2ProxyRequest apiGatewayProxyEvent, ILambdaContext context)
{
var propagationContext = AwsLambdaHelpers.ExtractPropagationContext(context);
if (propagationContext == default)
{
propagationContext = Propagators.DefaultTextMapPropagator.Extract(default, apiGatewayProxyEvent, HeaderValuesGetter);
}
return propagationContext.ActivityContext;
}
private static IEnumerable<string> HeaderValuesGetter(APIGatewayHttpApiV2ProxyRequest apiGatewayProxyEvent, string name) =>
(apiGatewayProxyEvent.Headers != null && apiGatewayProxyEvent.Headers.TryGetValue(name.ToLowerInvariant(), out var value)) ? new[] { value } : null;
}
}
Tracing AWS SDK calls¶
You can use open-source instrumentation NuGet packages to trace Amazon DynamoDB calls using client like AmazonDynamoDBClient or SQS and SNS calls using clients like AmazonSQSClientor AmazonSimpleNotificationServiceClient.
To set up tracing of AWS SDK calls,
-
Make sure that the following packages are added to your project:
-
OpenTelemetry.Instrumentation.AWSLambda OpenTelemetry.Instrumentation.AWS
To learn more about the packages, see Prerequisites. 2. After you add packages to your project, add the following initialization code:
using Dynatrace.OpenTelemetry;
using OpenTelemetry;
using OpenTelemetry.Trace;
namespace Examples.AwsFunctionApp
{
public class Function
{
private static readonly TracerProvider TracerProvider;
static Function()
{
DynatraceSetup.InitializeLogging();
TracerProvider = Sdk.CreateTracerProviderBuilder()
.AddDynatrace()
.AddAWSLambdaConfigurations(c =>
{
c.DisableAwsXRayContextExtraction = true;
c.SetParentFromBatch = true;
})
// Instrumentation used for tracing outgoing calls to AWS services via AWS SDK (including Amazon DynamoDB, SQS/SNS).
// Can be omitted if no outgoing AWS SDK calls expected.
.AddAWSInstrumentation(c => c.SuppressDownstreamInstrumentation = true)
.Build();
}
}
}
Values description
SuppressDownstreamInstrumentation
When set totrue, HTTP child nodes will not be shown under AWS SDK calls.-
SQS
SetParentFromBatchIt controls whether the parent Activity should be set when a potentially batched event is received where multiple parents would be available (e.g. SQS). When set to
truethe parent is set using one of the received messages. Else, the parent is not set. In both cases, links will be created. *DisableAwsXRayContextExtraction
We reccomend to set it totrueto skip Amazon X-Ray parent extraction and avoid conflicts with the Dynatrace propagation.
Tracing of Amazon DynamoDB operations¶
To trace Amazon DynamoDB calls, set up AWS SDK instrumentation, ensure you have at least version 1.327.0 of Dynatrace.OpenTelemetry.Instrumentation.AwsLambda and add call .AddDynatraceAwsSdkInjection() to your initialization code.
Dynatrace.OpenTelemetry.Instrumentation.AwsLambda and add call .AddDynatraceAwsSdkInjection() to your initialization code.
In the following example, the DynamoDB operations DescribeTable, UpdateItem, and GetItem are represented as separate span child nodes with a common parent outbound-aws-dotnet in eu-central-1 (Lambda function performing DynamoDB operations):

Tracing of outgoing SQS/SNS messages¶
To trace outgoing SQS/SNS messages, set up AWS SDK instrumentation. No additional code is required.
Tracing of incoming SQS/SNS messages¶
To trace incoming SQS/SNS messages,
- Set up AWS SDK instrumentation.
- Wrap the function handler into one of the tracing methods of the
AWSLambdaWrapperclass:
using Amazon.Lambda.Core;
using Amazon.Lambda.SQSEvents;
using Dynatrace.OpenTelemetry;
using OpenTelemetry;
using OpenTelemetry.Instrumentation.AWSLambda;
using OpenTelemetry.Trace;
using System.Threading.Tasks;
namespace Examples.AwsFunctionApp
{
public class Function
{
private static readonly TracerProvider TracerProvider;
static Function()
{
// See "Set up tracing for AWS SDK calls" section above.
}
public Task Handler(SQSEvent sqsEvent, ILambdaContext context) =>
AWSLambdaWrapper.TraceAsync(tracerProvider, HandlerInternal, sqsEvent, context);
private Task HandlerInternal(SQSEvent sqsEvent, ILambdaContext context)
{
// This is just an example of async function handler and it should be replaced by actual code.
return Task.CompletedTask;
}
}
}
Special considerations for HttpClient instrumentation¶
Because with AWS Lambda the function execution environment might be suspended at any time after the function handler execution, the span export might be interrupted or delayed (for example, in some cases, the span might not be exported at all) and outgoing HTTP requests will typically appear only with the next function invocation.
However, outgoing HTTP request activities related to AWS Runtime API might be captured by OpenTelemetry HttpClient instrumentation in the current function invocation, even if unexpected. To avoid unexpected outgoing HTTP requests in the current function invocation, we recommend configuring the following filter when initializing the HttpClient instrumentation.
var tracerProvider = Sdk.CreateTracerProviderBuilder()
// Initialization code similar to previous examples...
.AddHttpClientInstrumentation(op =>
{
op.FilterHttpRequestMessage = req => Activity.Current?.Parent?.IsAllDataRequested ?? false;
})
.Build();
Support of .NET Lambda functions with container images¶
Starting from .NET 6, Lambda functions can be built and deployed as container images. Initialization and tracing for Managed .NET runtime apply to container image functions without any changes.
Source: lambda-otel-bridge-java.md¶
title: OpenTelemetry interoperability in Java source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/opentelemetry-interoperability/lambda-otel-bridge-java scraped: 2026-02-18T05:52:35.712995
OpenTelemetry interoperability in Java¶
OpenTelemetry interoperability in Java¶
- Reference
- 7-min read
- Updated on Sep 19, 2024
OneAgent version 1.225+
OpenTelemetry interoperability connects the Dynatrace AWS Lambda extension to the OpenTelemetry Java API to use the instrumentation packages and extensions. You can then monitor technologies like databases or messaging frameworks that aren't supported by Dynatrace AWS Lambda extension out of the box.
Before you start¶
Ensure that OpenTelemetry interoperability is enabled.
Use OpenTelemetry Java instrumentation¶
OpenTelemetry for Java provides several instrumentation packages in their OpenTelemetry Java instrumentation repository that can be used in combination with the Dynatrace AWS Lambda extension for additional visibility into certain technologies.
Example: Instrument AWS SDK for Java to monitor a DynamoDB database
Dynatrace version 1.277+ The following example shows how the OpenTelemetry AWS SDK instrumentation packages can be used to monitor calls to a DynamoDB database.
Depending on the AWS SDK version you use, add one of the following packages to your package manager configuration (for example, Maven or Gradle).
AWS SDK version
Package to add
Notes
v1
opentelemetry-aws-sdk-1.11-autoconfigure
Experimental span attributes must be enabled via system property (otel.instrumentation.aws-sdk.experimental-span-attributes=true) or environment variable (OTEL_INSTRUMENTATION_AWS_SDK_EXPERIMENTAL_SPAN_ATTRIBUTES=true).
v2
opentelemetry-aws-sdk-2.2-autoconfigure
Once the package has been added as a dependency, instrumentation is automatically added to capture requests to DynamoDB.
For the instrumentation to capture an item, query the item from DynamoDB using the AWS SDK, as in the code example below.
import java.util.Map;
import com.amazonaws.services.lambda.runtime.Context;
import com.amazonaws.services.lambda.runtime.RequestHandler;
import com.amazonaws.services.lambda.runtime.events.APIGatewayV2HTTPEvent;
import com.amazonaws.services.lambda.runtime.events.APIGatewayV2HTTPResponse;
import software.amazon.awssdk.services.dynamodb.DynamoDbClient;
import software.amazon.awssdk.services.dynamodb.model.AttributeValue;
import software.amazon.awssdk.services.dynamodb.model.GetItemRequest;
public class SimpleDynamoDBSample implements RequestHandler<APIGatewayV2HTTPEvent, APIGatewayV2HTTPResponse> {
public APIGatewayV2HTTPResponse handleRequest(APIGatewayV2HTTPEvent input, Context context) {
GetItemRequest request = GetItemRequest.builder()
.key(Map.of("mykey", AttributeValue.fromN("42")))
.tableName("MyTable")
.build();
try (DynamoDbClient dynamoDbClient = DynamoDbClient.builder().build()) {
dynamoDbClient.getItem(request);
} catch (Exception e) {
return APIGatewayV2HTTPResponse.builder().withBody("error!").withStatusCode(500).build();
}
return APIGatewayV2HTTPResponse.builder().withBody("success!").withStatusCode(200).build();
}
}
After running the code example above, you'll see the DynamoDB database and individual requests in the related database service.

Use OpenTelemetry Java API¶
OpenTelemetry Java can be used in an SDK-like approach to trace additional operations that aren't covered by Dynatrace out of the box.
@Override
public String handleRequest(Object input, Context context) {
Tracer tracer = GlobalOpenTelemetry.getTracer("instrumentation-library-name", "1.0.0");
Span span = tracer.spanBuilder("do some work").startSpan();
try {
span.setAttribute("foo", "bar");
// ....
return "Hello from OpenTelemetry Java!";
} finally {
span.end();
}
}
The Dynatrace AWS Lambda extension captures only spans created via tracers from GlobalOpenTelemetry and might not work if you try to manually (re)configure GlobalOpenTelemetry.
Trace AWS SQS messages with Java¶
OneAgent version 1.267+
You can use open-source instrumentation packages to trace AWS SQS and SNS messages and collect them via the Dynatrace AWS Lambda extension.
[
Install the required dependencies](#dependencies-java)[
Send an SQS/SNS message](#send-message-java)[
Receive an SQS/SNS message](#receive-message-java)
Step 1 Install the required dependencies¶
To enable automatic instrumentation of SQS messages, make sure you have installed the following.
- AWS SDK version 2.2+ for sending the messages.
You can use the v1 and v2 SDK in the same Lambda function if you need version v1 in your function. 2. io.opentelemetry.instrumentation:opentelemetry-aws-sdk-2.2-autoconfigure version 1.27+ added as a runtime-only dependency.
The full set of dependencies used in the examples, in Gradle format, is as follows.
dependencies {
// Instrumentation for SQS dependencies
implementation(platform('io.opentelemetry.instrumentation:opentelemetry-instrumentation-bom-alpha:1.27.0-alpha'))
runtimeOnly('io.opentelemetry.instrumentation:opentelemetry-aws-sdk-2.2-autoconfigure')
// Only needed if you want to trace messages from batches separately
implementation('io.opentelemetry:opentelemetry-api') // (Version taken from otel-instrumentation BOM)
// Dependencies for the AWS SDK itself -- you should already have this in your Lambda if you send SQS messages
implementation(platform('software.amazon.awssdk:bom:2.20.85'))
implementation('software.amazon.awssdk:sqs') // Uses version from above BOM
// Basic AWS Lambda dependencies -- you should already have this in your Lambda
implementation('com.amazonaws:aws-lambda-java-events:3.6.0') // SQSEvent input, etc
implementation('com.amazonaws:aws-lambda-java-core:1.2.1') // RequestHandler interface, etc
}
Step 2 Send an SQS message¶
The example below shows a Lambda handler that sends a SQS message.
package com.dynatrace.example.lambda;
import com.amazonaws.services.lambda.runtime.Context;
import com.amazonaws.services.lambda.runtime.RequestHandler;
import software.amazon.awssdk.services.sqs.SqsClient;
import software.amazon.awssdk.services.sqs.model.SendMessageResponse;
public class MessageSender implements RequestHandler<Object, Void> {
private static final SqsClient client = SqsClient.create();
@Override
public Void handleRequest(Object input, Context context) {
final SendMessageResponse resp = client.sendMessage(builder -> builder
.queueUrl("[your SQS-queue URL]")
.messageBody("[your payload]")
);
System.out.printf("Sent message with ID %s (send request ID %s)%n",
resp.messageId(),
resp.responseMetadata().requestId());
return null;
}
}
Note that no extra code is required for tracing because the runtimeOnly dependency added in the first
step automatically installs a handler that creates a span behind the scenes in the sendMessage call using
the OpenTelemetry API, and OneAgent picks up that span automatically.
Additionally, you need to enable the OneAgent OpenTelemetry integration and set the environment variable
OTEL_INSTRUMENTATION_AWS_SDK_EXPERIMENTAL_USE_PROPAGATOR_FOR_MESSAGING to true in your Lambda function's configuration.
Step 3 Receive an SQS/SNS message¶
Receiving messages works out of the box when you use an AWS Lambda with an SQS trigger monitored with the Dynatrace AWS Lambda extension.
Because a span can have only a single parent, if your Lambda function receives a batch of multiple messages, you need to manually create spans to process each message if you want to track them separately and have them linked to the sender.
- If that is enough for you, or you have a maximum batch size of one configured, or you send messages only rarely, no additional code or configuration is required.
- If you want to gain more insights into a batch scenario with multiple messages, you first need to apply some configuration to allow you to override the parent span.
To configure the Dynatrace AWS Lambda extension to allow setting parent spans manually:
-
For the environment variables configuration method, set the
+ For the JSON file configuration method, inDT_OPEN_TELEMETRY_ALLOW_EXPLICIT_PARENTenvironment variable totrue:dtconfig.json, set the following field totrue:
Then new spans can be created with the parent span extracted from each received SQS message.
The following code processes messages one by one and links them to the sender as a parent span.
package com.dynatrace.example.lambda;
import java.util.Map;
import com.amazonaws.services.lambda.runtime.Context;
import com.amazonaws.services.lambda.runtime.RequestHandler;
import com.amazonaws.services.lambda.runtime.events.SQSEvent;
import io.opentelemetry.api.GlobalOpenTelemetry;
import io.opentelemetry.api.trace.Span;
import io.opentelemetry.api.trace.Tracer;
import io.opentelemetry.context.Scope;
import io.opentelemetry.context.propagation.TextMapGetter;
public class MessageIngress implements RequestHandler<SQSEvent, Void> {
private static final Tracer tracer = GlobalOpenTelemetry.getTracer("message-ingress-app");
@Override
public Void handleRequest(SQSEvent input, Context context) {
for (SQSEvent.SQSMessage message: input.getRecords()) {
Span span = tracer
.spanBuilder(message.getEventSource() + " process")
.setSpanKind(SpanKind.CONSUMER) // MUST be either CONSUMER or SERVER
.setParent(GlobalOpenTelemetry
.getPropagators()
.getTextMapPropagator()
.extract(
io.opentelemetry.context.Context.current(),
message.getMessageAttributes(),
SqsMessageRecordGetter.INSTANCE))
.startSpan();
try (Scope ignored = span.makeCurrent()) {
handleMessage(message);
} catch (Throwable e) {
span.recordException(e);
throw e;
} finally {
span.end();
}
}
return null;
}
private void handleMessage(SQSEvent.SQSMessage message) {
// This is where your actual handling code would go
System.out.printf("Handling message with ID %s...%n", message.getMessageId());
}
private enum SqsMessageRecordGetter implements TextMapGetter<Map<String, SQSEvent.MessageAttribute>> {
INSTANCE;
@Override
public Iterable<String> keys(Map<String, SQSEvent.MessageAttribute> carrier) {
return carrier.keySet();
}
@Override
public String get(Map<String, SQSEvent.MessageAttribute> carrier, String key) {
if (carrier == null) {
return null;
}
SQSEvent.MessageAttribute messageAttribute = carrier.get(key);
return messageAttribute == null ? null : messageAttribute.getStringValue();
}
}
}
This code requires a dependency on the OpenTelemetry Java API and enabling the OpenTelemetry integration in OneAgent as explained above in Use OpenTelemetry Java API.
When you deploy the two Lambda functions, add OneAgent, create an SQS queue that the MessageSender sends to, and add a trigger to MessageIngress to receive from that queue, and then invoke the MessageSender function (for example, using the default test event), you should get a distributed trace that looks something like this:

You may wonder why both the receiving function and the processing span are direct children of the Sqs.SendMessage
span instead of the processing span being a child of the receiving lambda function.
This structure is required to be prepared for batch receives. When you send multiple messages to the queue quickly, your receiver can process a batch of up to 10 messages at once. In this case, there are multiple sender spans from different traces, and the trace structure implemented in the sample code ensures that each process span is linked to the Sqs.SendMessage span of the respective message. Because a span can have only a single parent, the receiving Lambda invoke span can be a child of only one (random) sender.
Related topics¶
Source: lambda-otel-bridge-nodejs.md¶
title: OpenTelemetry interoperability in Node.js source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/opentelemetry-interoperability/lambda-otel-bridge-nodejs scraped: 2026-02-18T05:57:45.197668
OpenTelemetry interoperability in Node.js¶
OpenTelemetry interoperability in Node.js¶
- How-to guide
- 9-min read
- Updated on Jun 20, 2024
OneAgent version 1.229+
OpenTelemetry interoperability connects the Dynatrace AWS Lambda extension to the OpenTelemetry Node.js instrumentation to use the instrumentation packages and extensions. You can then monitor technologies like databases or messaging frameworks that aren't supported by Dynatrace AWS Lambda extension out of the box.
Before you start¶
- Ensure that OpenTelemetry interoperability is enabled.
- Verify that the installed JavaScript OpenTelemetry API is compatible with the Dynatrace AWS Lambda extension. The following table lists the compatible versions:
| OneAgent version | Maximum OpenTelemetry API version |
|---|---|
| 1.229+ | 1.0.x |
| 1.241+ | 1.1.x |
| 1.257+ | 1.2.x |
| 1.259+ | 1.3.x |
| 1.261+ | 1.4.x |
| 1.279+ | 1.6.x |
| 1.283+ | 1.7.x |
| 1.289+ | 1.8.x |
| 1.297+ | 1.9.x |
Use OpenTelemetry Node.js instrumentation¶
When using an OpenTelemetry Node.js instrumentation, the configuration of all necessary OpenTelemetry SDK components and the registration of a TracerProvider are automatically handled by the Dynatrace AWS Lambda extension, so you don't need to register another TracerProvider.
Instrumentation packages for JavaScript can be found in the OpenTelemetry JavaScript contributions repository. Note that
- Some instrumentations might interfere with the Dynatrace HTTP and Lambda instrumentations and are automatically suppressed. These include @opentelemetry/instrumentation-http and @opentelemetry/instrumentation-aws-lambda.
- @opentelemetry/auto-instrumentations-node use is discouraged, as it includes many different instrumentations.
- If
opentelemetry/instrumentation-aws-sdk is used to instrument AWS SDK V3, provided by the Node.js v18 and v20 Lambda runtimes, it will work for instrumentation version 0.36.0+.
Example: Instrument calls in your Node.js Lambda function via instrumentation package
The following code example shows how to instrument PostgreSQL calls in your Node.js Lambda function by using the opentelemetry-instrumentation-pg instrumentation package.
const { registerInstrumentations } = require('@opentelemetry/instrumentation');
const { PgInstrumentation } = require('@opentelemetry/instrumentation-pg');
// You must create the PgInstrumentation (and other instrumentations)
// before loading any corresponding modules, such as `require('pg')`.
registerInstrumentations({
instrumentations: [
new PgInstrumentation(),
],
});
const { Client } = require('pg');
exports.handler = async function myHandler(event, context) {
let client;
try {
client = new Client(/* DB connection information */);
await client.connect();
const result = await client.query('SELECT * FROM users;');
return result.rows;
} finally {
client?.end();
}
}
To instrument the AWS SDK for JavaScript, OpenTelemetry provides the opentelemetry/instrumentation-aws-sdk instrumentation package.
Example: Instrument AWS SDK for JavaScript to monitor a DynamoDB database
The following code example shows how the opentelemetry/instrumentation-aws-sdk instrumentation package can be used to add observability for calls to a DynamoDB database (Dynatrace version 1.244+).
const AWS = require('aws-sdk');
const { registerInstrumentations } = require('@opentelemetry/instrumentation');
const { AwsInstrumentation } = require('@opentelemetry/instrumentation-aws-sdk');
registerInstrumentations({
instrumentations: [
new AwsInstrumentation()
]
});
exports.handler = function(event, context) {
const ddb = new AWS.DynamoDB();
const dbParamsGetDelete = {
TableName: 'E2E_test_table',
Key: {
'svnr': { N: '1234'}
}
};
ddb.getItem(dbParamsGetDelete, function(err, data) {
if (err) {
console.error('Error', err);
} else {
console.log('Success', data.Item);
}
});
};
After running the above code snippet, the DynamoDB service page looks as follows.

Use OpenTelemetry Node.js API¶
OpenTelemetry JavaScript can be used in an SDK-like approach to trace additional operations that aren't covered by an instrumentation package.
const opentelemetry = require('@opentelemetry/api');
const tracer = opentelemetry.trace.getTracer('my-package-name');
exports.handler = function(event, context) {
// create a span using the OTel API
const span = tracer.startSpan('do some work');
span.setAttribute('foo', 'bar');
span.end();
// ...
const response = {
statusCode: 200,
body: JSON.stringify('Hello from Node.js'),
};
return response;
};
Trace AWS SQS and SNS messages with Node.js¶
OneAgent version 1.253+ for SQS OneAgent version 1.257+ for SNS
You can use @opentelemetry/instrumentation-aws-sdk package to trace AWS SQS and SNS messages and collect the traces via Dynatrace AWS Lambda extension.
[
Install the required dependencies](#dependencies-node)[
Set up tracing](#set-up-tracing-node)[
Send an SQS/SNS message](#sqs-message-node)[
Receive an SQS/SNS message](#receive-message-node)
Step 1 Install the required dependencies¶
npm install @opentelemetry/api @opentelemetry/instrumentation-aws-sdk @opentelemetry/instrumentation aws-sdk
Step 2 Set up tracing¶
Use the following code to set up tracing for sending SQS messages to an SQS queue from a Dynatrace-monitored Node.js application:
const { AwsInstrumentation } = require('@opentelemetry/instrumentation-aws-sdk');
const { registerInstrumentations } = require('@opentelemetry/instrumentation');
// The instrumentation must be registered before importing the aws-sdk module!
registerInstrumentations({
instrumentations: [
new AwsInstrumentation()
]
});
// You can now import the aws-sdk module if needed:
const AWS = require('aws-sdk');
Step 3 Send an SQS/SNS message¶
- Via Node.js HTTP server:
When you make a request to the HTTP server, a message is sent to an SQS queue or SNS topic. If you send a message before the trace root span exists, make sure to create the trace root span manually. For details on the span manual creation with OpenTelemetry, see Use OneAgent with OpenTelemetry data.
Example
In this code example, a trace root span for the incoming HTTP request is created by the tracer.
const http = require("http");
const AWS = require('aws-sdk');
const sqs = new AWS.SQS();
const sns = new AWS.SNS();
const server = http.createServer((req, res) => {
const messageSendCallback = function (err, message) {
if (err) {
console.log("failed to send a message: " + err);
res.writeHead(500);
res.end("failure");
} else {
console.log("Success", message.MessageId);
res.writeHead(200);
res.end("success");
}
}
if (req.url === "/send-sqs-message") {
const params = {
DelaySeconds: 10,
MessageBody: "[your payload]",
QueueUrl: "[your SQS-queue URL]"
};
sqs.sendMessage(params, messageSendCallback);
} else if (req.url === "/send-sns-message") {
const params = {
Message: "[your payload]",
TopicArn: "[your SNS-topic ARN]"
};
sns.publish(params, messageSendCallback);
} else {
res.writeHead(404);
res.end("not found");
}
});
server.on("close", () => { console.log("Closing server") });
server.listen(8004, () => {
console.log("server started!");
});
A request to the /send-sqs-message path should produce traces as shown below.

The second node in the distributed trace named sqs-minimal-sample-nodejs-receiver-trigger send represents the sent SQS message and is generated by the aws-sdk instrumentation.
Because aws-sdk package uses HTTP requests to send SQS messages, there is a call to Requests to public networks, which are captured by the OneAgent HTTP instrumentation. The call invoke comes from the AWS Lambda function subscribed to the SQS queue, which is monitored by the Dynatrace AWS Lambda extension.
* Via AWS Lambda function
You can send an SQS or SNS message from an AWS Lambda function monitored by the Dynatrace AWS Lambda extension.
SQS
SNS
const AWS = require('aws-sdk');
exports.handler = function (event, context, callback) {
const sqs = new AWS.SQS();
const params = {
DelaySeconds: 10,
MessageBody: "[your payload]",
QueueUrl: "[your SQS-queue URL]"
};
sqs.sendMessage(params, function (err, data) {
if (err) {
context.succeed({
statusCode: 500,
body: err,
});
} else {
console.log("SQS-Success", data.MessageId);
context.succeed({
statusCode: 200,
body: "SQS-Success",
});
}
});
}
The resulting distributed trace is similar to the Node.js application example:

const AWS = require('aws-sdk');
exports.handler = function (event, context, callback) {
const sns = new AWS.SNS();
const params = {
Message: "[your payload]",
TopicArn: "[your SNS-topic ARN]"
};
sns.publish(params, function (err, data) {
if (err) {
context.succeed({
statusCode: 500,
body: err,
});
} else {
console.log("SNS-Success", data.MessageId);
context.succeed({
statusCode: 200,
body: "SNS-Success",
});
}
});
}
Step 3 Receive an SQS/SNS message¶
SQS
SNS
You can trace SQS messages forwarded from
- An SQS topic
The Dynatrace AWS Lambda extension automatically extracts the parent and creates a Lambda span when an AWS Lambda function is triggered by AWS SQS. However, when a batch of multiple messages is received, only the last message is considered and used for parent propagation. To propagate parents from the batch of multiple incoming messages you can, for example, manually create spans with the parent from each message.
To configure the Dynatrace AWS Lambda extension to allow setting parent spans manually:
-
For the environment variables configuration method, set the
+ For the JSON file configuration method, inDT_OPEN_TELEMETRY_ALLOW_EXPLICIT_PARENTenvironment variable totrue:dtconfig.json, set the following field totrue:
Then new spans can be created with the parent span extracted from each received SQS message.
Example: Receive a batch of multiple messages
const { propagation, ROOT_CONTEXT, trace, SpanKind } = require("@opentelemetry/api");
const { MessagingOperationValues, SemanticAttributes } = require("@opentelemetry/semantic-conventions");
const AWS = require("aws-sdk");
const queueUrl = "[sqs queue url]";
const tracer = trace.getTracer("my-receiver");
exports.handler = async (event) => {
const sqs = new AWS.SQS();
await new Promise((resolve, reject) => {
const receiveParams = {
MaxNumberOfMessages: 10,
QueueUrl: queueUrl,
// MessageAttributeNames not needed if @opentelemetry/instrumentation-aws-sdk is used
MessageAttributeNames: propagation.fields()
};
sqs.receiveMessage(receiveParams, function (err, data) {
if (err) {
console.log("ERROR: ", err);
reject(err);
} else if (data.Messages?.length) {
data.Messages.forEach((msg) => {
console.log("message received:", msg.MessageId)
// manual span creation
const ctx = extractParent(msg, /*fromSnsPayload=*/ false);
const spanAttributes = {
[SemanticAttributes.MESSAGING_MESSAGE_ID]: msg.MessageId,
[SemanticAttributes.MESSAGING_URL]: queueUrl,
[SemanticAttributes.MESSAGING_SYSTEM]: "aws.sqs",
[SemanticAttributes.MESSAGING_OPERATION]: MessagingOperationValues.PROCESS,
};
const span = tracer.startSpan("received message", { kind: SpanKind.CONSUMER, attributes: spanAttributes }, ctx);
// ... Here your actual processing would go...
span.end();
const deleteParams = {
QueueUrl: queueUrl,
ReceiptHandle: msg.ReceiptHandle
};
sqs.deleteMessage(deleteParams, function (err, data) {
if (err) {
console.log("Delete Error", err);
} else {
console.log("Message Deleted", data);
}
});
});
}
resolve();
});
});
};
function extractParent(msg, fromSnsPayload=false) {
let valueKey = "StringValue"
if (fromSnsPayload) {
valueKey = "Value";
try {
msg = JSON.parse(msg.Body)
} catch {
msg = {}
}
}
const carrier = {};
Object.keys(msg.MessageAttributes || {}).forEach((attrKey) => {
carrier[attrKey] = msg.MessageAttributes[attrKey]?.[valueKey];
});
return propagation.extract(ROOT_CONTEXT, carrier)
};
In the example above, aws-sdk is used to subscribe and receive messages from an SQS queue. For each incoming message, the parent span is extracted from the message attributes, and a new received message span with the extracted parent is created. If your SQS queue is subscribed to an SNS topic, the example above might need to be adapted. For details, see Tracing SQS messages forwarded from an SNS topic.
The resulting distributed trace with two messages sent to a queue looks as below.
* An SNS topic
For SNS messages that are forwarded to SQS, the message format depends on the raw message delivery configuration on the SNS subscription.
Raw message delivery
Message format
Example
Enabled
The SNS message attributes are converted to SQS message attributes and the parent can be directly extracted from the MessageAttributes of the SQS message.
Disabled
The SNS message and its MessageAttributes are delivered as a serialized JSON string in the body of the received SQS message. To correctly link the receive span, the parent needs to be extracted from the MessageAttributes of the serialized SNS message.
- Receive a batch of multiple messages
Additional configuration is required for this example. When calling the
extractParentmethod, set the value of thefromSnsPayloadparameter totrue.
AWS Lambda functions that are triggered by SNS are supported out of the box when monitored with the Dynatrace AWS Lambda extension.
SNS topics can be configured via a subscription to forward messages to an SQS queue. Messages in the SQS queue can then be consumed by a Lambda function. Tracing the received messages in the SQS-triggered AWS Lambda function works out of the box when AWS Lambda is monitored with the Dynatrace AWS Lambda extension. However, the tracer can only select a single parent, and if your Lambda function receives batches of multiple messages, special handling is required to track each message separately.
For details, see how to receive an SQS message.
Related topics¶
Source: lambda-otel-bridge-python.md¶
title: OpenTelemetry interoperability in Python source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/opentelemetry-interoperability/lambda-otel-bridge-python scraped: 2026-02-18T05:50:23.413900
OpenTelemetry interoperability in Python¶
OpenTelemetry interoperability in Python¶
- How-to guide
- 10-min read
- Updated on Jan 16, 2026
OpenTelemetry interoperability connects the Dynatrace AWS Lambda extension to the OpenTelemetry Python instrumentation to use the instrumentation packages and extensions. You can then monitor technologies like databases or messaging frameworks that aren't supported by Dynatrace AWS Lambda extension out of the box.
Before you start¶
- Ensure that OpenTelemetry interoperability is enabled.
- Verify that the installed OpenTelemetry Python API version is compatible with the Dynatrace AWS Lambda extension. The following tables list the compatible versions:
| OneAgent version | Maximum OpenTelemetry API version |
|---|---|
| 1.329+ | 1.38.x |
| 1.323+ | 1.36.x |
| 1.321+ | 1.35.x |
Older versions¶
| OneAgent version | Maximum OpenTelemetry API version |
|---|---|
| 1.319+ | 1.34.x |
| 1.315+ | 1.32.x |
| 1.313+ | 1.31.x |
| 1.311+ | 1.30.x |
| 1.307+ | 1.29.x |
| 1.303+ | 1.27.x |
| 1.299+ | 1.26.x |
| 1.295+ | 1.25.x |
| 1.291+ | 1.24.x |
| 1.285+ | 1.22.x |
| 1.281+ | 1.21.x |
| 1.277+ | 1.20.x |
| 1.273+ | 1.19.x |
| 1.269+ | 1.18.x |
| 1.265+ | 1.17.x |
| 1.259+ | 1.15.x |
| 1.257+ | 1.14.x |
| 1.253+ | 1.13.x |
| 1.249+ | 1.12.x |
| 1.243+ | 1.11.x |
| 1.239+ | 1.9.x |
| 1.235+ | 1.8.x |
| 1.233+ | 1.7.x |
Use OpenTelemetry Python instrumentation¶
OpenTelemetry for Python provides several instrumentation packages in their OpenTelemetry Python contributions repository.
Example: Instrument package in a Python Lambda function via instrumentation package
The following code example shows how to instrument PostgreSQL queries in a Python Lambda function by using the aiopg instrumentation package.
import json
import aiopg
from opentelemetry.instrumentation.aiopg import AiopgInstrumentor
AiopgInstrumentor().instrument()
def lambda_handler(event, context):
return {
'statusCode': 200,
'body': json.dumps(execute_query())
}
def execute_query():
result = []
with aiopg.connect(database='my_db') as conn:
with conn.cursor() as cur:
cur.execute("SELECT 'hello db';")
for row in cur:
result.append(row)
return result
To instrument boto3, the AWS SDK for Python, OpenTelemetry provides the botocore instrumentation package.
Example: Instrument AWS SDK for Python to monitor a DynamoDB database
The code example below shows how the botocore instrumentation can be used to add observability for calls to a DynamoDB database (Dynatrace version 1.244+).
import boto3
import json
from opentelemetry.instrumentation.botocore import BotocoreInstrumentor
BotocoreInstrumentor().instrument()
dynamodb = boto3.resource('dynamodb')
table = dynamodb.Table('MyTable')
def lambda_handler(event, handler):
result = table.get_item(Key={'mykey': 42})
return {
"statusCode": 200,
"answer": json.dumps(result.get("Item"))
}

Use OpenTelemetry Python API¶
OpenTelemetry Python can be used in an SDK-like approach to trace additional operations that aren't covered by an instrumentation package.
import json
from opentelemetry import trace
def lambda_handler(event, context):
tracer = trace.get_tracer(__name__)
with tracer.start_as_current_span("do work"):
# do work
with tracer.start_as_current_span("do some more work") as span:
span.set_attribute("foo", "bar")
# do some more work
return {
'statusCode': 200,
'body': json.dumps('Hello from Hello world from OpenTelemetry Python!')
}
These spans are displayed on the Code level tab.

Trace AWS SQS and SNS messages with Python¶
OneAgent version 1.253+ for SQS OneAgent version 1.257+ for SNS
You can use open-source instrumentation packages to trace AWS SQS and SNS messages and collect them via the Dynatrace AWS Lambda extension.
[
Install the required dependencies](#dependencies-python)[
Send an SQS/SNS message](#send-message-python)[
Receive an SQS/SNS message](#receive-message-python)
Step 1 Install the required dependencies¶
SQS
SNS
At this point, opentelemetry-instrumentation-boto3sqs is a separate package from opentelemetry-instrumentation-botocore. The latter instruments all AWS SDK calls, but lacks enhanced support for SQS.
If you install the dependencies into a Lambda function or layer, you can use the -t option to specify a target directory where the installed packages should be copied.
Step 2 Send an SQS/SNS message¶
The boto3 package is available out of the box if the code runs in AWS Lambda, but you can also install it using pip install -U boto3.
This code defining a function named lambda_handler can be used
- Inside AWS Lambda (we recommend monitoring it with our AWS Lambda layer)
- Outside AWS Lambda (monitoring is performed with OpenTelemetry and exported to Dynatrace via OTLP/HTTP ingest)
You might want to remove the function parameters and return value.
SQS
SNS
from opentelemetry.instrumentation.boto3sqs import Boto3SQSInstrumentor
Boto3SQSInstrumentor().instrument()
import json
import boto3
from datetime import datetime
QUEUE_URL = "<Your SQS Queue URL>"
sqs = boto3.client("sqs")
def lambda_handler(event, context):
sent = []
for i in range(5):
res = sqs.send_message(QueueUrl=QUEUE_URL, MessageBody=f"hello #{i} at {datetime.now()}")
sent.append(res["MessageId"])
return {
"statusCode": 200,
"body": json.dumps({"produced_messages": sent})
}
from opentelemetry.instrumentation.botocore import BotocoreInstrumentor
BotocoreInstrumentor().instrument()
import json
import boto3
from datetime import datetime
TOPIC_ARN = "<Your SNS topic ARN>"
sns = boto3.client("sns")
def lambda_handler(event, context):
res = sns.publish(TopicArn=TOPIC_ARN, Message=f"hello at {datetime.now()}")
return {
"statusCode": 200,
"body": json.dumps({"produced_message": res["MessageId"]})
}
Step 3 Receive an SQS/SNS message¶
SQS
SNS
You can trace SQS messages forwarded from
- An SQS topic
Receiving messages works out of the box when you use an AWS Lambda with an SQS trigger monitored with the Dynatrace AWS Lambda extension. Because a span can have only a single parent, if your Lambda function receives a batch of multiple messages, you need to manually create spans to process every single message if you want to track them separately and have them linked to the sender.
To configure the Dynatrace AWS Lambda extension to allow setting parent spans manually:
-
For the environment variables configuration method, set the
+ For the JSON file configuration method, inDT_OPEN_TELEMETRY_ALLOW_EXPLICIT_PARENTenvironment variable totrue:dtconfig.json, set the following field totrue:
Then new spans can be created with the parent span extracted from each received SQS message.
Example: Receive messages with AWS Lambda SQS trigger
If you invoke the sender and have deployed the example, it will be invoked automatically by SQS.
from pprint import pformat
import boto3
import json
from opentelemetry import trace, propagate
from opentelemetry.semconv.trace import SpanAttributes, MessagingOperationValues
tracer = trace.get_tracer("lambda-sqs-triggered")
def lambda_handler(event, context):
recvcount = 0
print("Trigger", pformat(event))
messages = event.get("Records") or ()
# Lambda SQS event uses lowerCamelCase in its attribute names
for msg in messages:
recvcount += 1
print("Processing", msg["messageId"])
parent = _extract_parent(msg, from_sns_payload=False)
with tracer.start_as_current_span("manual-trigger-process", context=parent, kind=trace.SpanKind.CONSUMER, attributes={
SpanAttributes.MESSAGING_MESSAGE_ID : msg["messageId"],
SpanAttributes.MESSAGING_URL : msg["eventSourceARN"],
SpanAttributes.MESSAGING_SYSTEM : msg["eventSource"],
SpanAttributes.MESSAGING_OPERATION : MessagingOperationValues.PROCESS.value,
}):
# ... Here your actual processing would go...
pass
print("Processed", recvcount, "messages")
def _extract_parent(msg, from_sns_payload=False):
if from_sns_payload:
try:
body = json.loads(msg.get("body", "{}"))
except json.JSONDecodeError:
body = {}
carrier = {key: value["Value"] for key, value in body.get("MessageAttributes", {}).items() if "Value" in value}
else:
carrier = {key: value["stringValue"] for key, value in msg.get("messageAttributes", {}).items() if "stringValue" in value}
return propagate.extract(carrier)
The resulting path looks as follows:

The invoked Lambda function is a child of one of the messages by which it's triggered. Since there can only be one parent, the other manual-triggerâprocess spans aren't linked directly to the Lambda invocation in which they are handled. Often, there's more than one Lambda invocation node for a batch of messages. In those cases, AWS distributed the batch over multiple Lambda invocations. This can happen even if the messages are delivered within your configured batch window time and number less than your configured batch size.
Example: Call the SQS receive APIs manually
If you have deployed the example that uses the receive API in code, you need to invoke it manually and it will attempt to read all messages from the queue.
This example uses the boto3sqs instrumentation. If you don't want to use it, you need to uncomment the MessageAttributeNames argument in the receive_message function, otherwise, SQS will omit data required to link the message to its sender from the retrieved data.
This code can also be used outside a Lambda function and monitored with OpenTelemetry without the Dynatrace AWS Lambda extension.
from opentelemetry.instrumentation.boto3sqs import Boto3SQSInstrumentor
Boto3SQSInstrumentor().instrument()
from pprint import pformat
import boto3
import json
from opentelemetry import trace, propagate
from opentelemetry.semconv.trace import SpanAttributes, MessagingOperationValues
QUEUE_URL = '<Your SQS Queue URL>'
sqs = boto3.client("sqs")
tracer = trace.get_tracer("lambda-receive-function")
def lambda_handler(event, context):
recvcount = 0
while True:
msg_receive_result = sqs.receive_message(
MaxNumberOfMessages=10,
QueueUrl=QUEUE_URL,
WaitTimeSeconds=1, # WaitTime of zero would use sampled receive, may return empty even if there is a message
# This argument is only required if you do not use the boto3sqs instrumentation:
#MessageAttributeNames=list(propagate.get_global_textmap().fields)
)
print("Received", pformat(msg_receive_result))
if not msg_receive_result.get('Messages'):
break
messages = msg_receive_result.get("Messages")
# receive result uses PascalCase in its attribute names
for msg in messages:
recvcount += 1
print("Processing", msg["MessageId"])
parent = _extract_parent(msg, from_sns_payload=False)
with tracer.start_as_current_span("manual-receive-process", context=parent, kind=trace.SpanKind.CONSUMER, attributes={
SpanAttributes.MESSAGING_MESSAGE_ID: msg["MessageId"],
SpanAttributes.MESSAGING_URL: QUEUE_URL,
SpanAttributes.MESSAGING_SYSTEM: "aws.sqs",
SpanAttributes.MESSAGING_OPERATION: MessagingOperationValues.PROCESS.value,
}):
# ... Here your actual processing would go...
print("Delete result", sqs.delete_message(
QueueUrl=QUEUE_URL,
ReceiptHandle=msg['ReceiptHandle'],
))
print("Processed", recvcount, "messages")
def _extract_parent(msg, from_sns_payload=False):
if from_sns_payload:
try:
body = json.loads(msg.get("Body", "{}"))
except json.JSONDecodeError:
body = {}
carrier = {key: value["Value"] for key, value in body.get("MessageAttributes", {}).items() if "Value" in value}
else:
carrier = {key: value["StringValue"] for key, value in msg.get("MessageAttributes", {}).items() if "StringValue" in value}
return propagate.extract(carrier)
Creating the manual-receive-process span manually is necessary because the boto3sqs instrumentation doesn't set the sender as a parent for the processing span, but uses OpenTelemetry links, which are currently not supported by Dynatrace. For the manual-receive-process span linking to work correctly, you need to configure the Dynatrace AWS Lambda extension to allow setting parent spans manually. See the previous example for guidance.
Invoking first the code that sends SQS messages, then the manual receive code, deployed as Lambda functions, results in two traces:
-
The first trace shows the flow of the message from the sender to the processor:

There are additional
Requests to public networksnodes because the boto3 package uses HTTP requests to send SQS messages, which are captured by Dynatrace HTTP instrumentation.You'll notice that the invocation and receive node of the second Lambda invocation are missing from this trace, even though the
manual-receive-processnodes are there. This is because the Lambda function was triggered independently of the message flow, and just happened to receive the message as part of its handler code. + The second trace in Dynatrace shows the Lambda invocation until it's cut in two by setting the explicit parent:
* An SNS topic
For SNS messages that are forwarded to SQS, the message format depends on the raw message delivery configuration on the SNS subscription.
Raw message delivery
Message format
Example
Enabled
The SNS message attributes are converted to SQS message attributes and the parent can be directly extracted from the MessageAttributes of the SQS message.
Disabled
The SNS message and its MessageAttributes are delivered as a serialized JSON string in the body of the received SQS message. To correctly link the receive span, the parent needs to be extracted from the MessageAttributes of the serialized SNS message.
Additional configuration is required for both examples; when calling the _extract_parent method, set the value of the from_sns_payload parameter to True.
AWS Lambda functions that are triggered by SNS are supported out of the box when monitored with the Dynatrace AWS Lambda extension.
SNS topics can be configured via a subscription to forward messages to an SQS queue. Messages in the SQS queue can then be consumed by a Lambda function. Tracing the received messages in the SQS-triggered AWS Lambda function works out of the box when AWS Lambda is monitored with the Dynatrace AWS Lambda extension. However, the tracer can only select a single parent, and if your Lambda function receives batches of multiple messages, special handling is required to track each message separately.
For details, see how to receive an SQS message.
Related topics¶
Source: log-enrichment.md¶
title: AWS Lambda logs in context of traces source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/opentelemetry-interoperability/log-enrichment scraped: 2026-02-18T05:37:32.161808
AWS Lambda logs in context of traces¶
AWS Lambda logs in context of traces¶
- How-to guide
- 2-min read
- Published Feb 08, 2022
This page describes how to include TraceId and SpanId information in user-generated log messages. This way, you can associate log messages with the surrounding trace.
Prerequisites¶
- Set up AWS Lambda log collection or Stream logs via Amazon Data Firehose.
- Enable OpenTelemetry interoperability for the Lambda function.
-
The log output generated by the AWS Lambda function must be formatted so that the
TraceIdandSpanIdinformation can be picked up. The expected format of the enriched fields in an unstructured log is as follows: -
Encapsulated in square brackets
[]with a!dtprefix dt.trace_idanddt.span_idmust be hex-encoded strings Example:[!dt dt.trace_id=0af7651916cd43dd8448eb211c80319c,dt.span_id=00f067aa0ba902b7]
Check AWS Lambda log collection to learn more about limitations since Lambda log enrichment is not automatic.
OpenTelemetry Python¶
In the example below, a dt_log function has been created to enrich a given log message with trace_id and span_id information. Printing this enriched message to the configured log sink associates the log message with the currently active span in the Dynatrace web UI.
import logging
from opentelemetry import trace
def dt_log(self, record):
if (not self.disabled) and self.filter(record):
ctx = trace.get_current_span().get_span_context()
if ctx.is_valid:
trace_id = "{0:032X}".format(ctx.trace_id)
span_id = "{0:016X}".format(ctx.span_id)
record.msg = f"[!dt dt.trace_id={trace_id},dt.span_id={span_id}] - {record.msg}"
self.callHandlers(record)
logging.Logger.handle = dt_log
def lambda_handler(event, context):
logger = logging.getLogger()
logger.warning("Hello world")
return {
"statusCode": 200,
"body": "Hello from lambda"
}
OpenTelemetry JavaScript (Node.js)¶
In the example below, a dt_log function has been created to enrich a given log message with trace_id and span_id information. Printing this enriched message to stdout associates the log message with the currently active span in the Dynatrace web UI.
const opentelemetry = require('@opentelemetry/api');
function dtLog(msg) {
const spanContext = opentelemetry.trace.getSpanContext(opentelemetry.context.active()) ?? opentelemetry.INVALID_SPAN_CONTEXT;
console.log(`[!dt dt.trace_id=${spanContext.traceId},dt.span_id=${spanContext.spanId}] - ${msg}`);
}
exports.handler = function(event, context) {
const msg = "Hello World"
dtLog(msg);
context.succeed({
statusCode: 200,
body: msg
});
};
Logs created by some commonly used Node.js logging frameworks are automatically associated with traces by using the corresponding OpenTelemetry instrumentations.
Node.js logging framework
OpenTelemetry instrumentation
@opentelemetry/instrumentation-winston
@opentelemetry/instrumentation-pino
@opentelemetry/instrumentation-bunyan
In the example below, the winston instrumentation is used to enrich a winston info log with TraceId and SpanId. The created log is associated with the currently active span in Dynatrace.
const otelApi = require('@opentelemetry/api');
const { registerInstrumentations } = require('@opentelemetry/instrumentation');
const { WinstonInstrumentation } = require('@opentelemetry/instrumentation-winston');
registerInstrumentations({
instrumentations: [new WinstonInstrumentation()],
});
const winston = require('winston');
exports.handler = function (event, context, callback) {
const logger = winston.createLogger({
transports: [new winston.transports.Console()],
});
logger.info('winston info log');
context.succeed({
statusCode: 200,
body: 'Hello from AWS Lambda Node.js',
});
}
OpenTelemetry Java¶
In the example below, a dtLog method has been created to enrich a given log message with TraceId and SpanId information. Printing this enriched message via System.out associates the log message with the currently active span in the Dynatrace web UI.
package com.amazonaws.lambda.demo;
import com.amazonaws.services.lambda.runtime.Context;
import com.amazonaws.services.lambda.runtime.RequestHandler;
import io.opentelemetry.api.trace.Span;
import io.opentelemetry.api.trace.SpanContext;
public class HelloJava implements RequestHandler<Object, String> {
private static void dtLog(final String msg) {
SpanContext spanContext = Span.current().getSpanContext();
System.out.printf(
"[!dt dt.trace_id=%s,dt.span_id=%s] - %s%n",
spanContext.getTraceId(),
spanContext.getSpanId(),
msg
);
}
@Override
public String handleRequest(Object input, Context context) {
String msg = "Hello World";
dtLog(msg);
return msg;
}
}
Source: opentelemetry-interoperability.md¶
title: OpenTelemetry interoperability source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/opentelemetry-interoperability scraped: 2026-02-17T04:56:16.241437
OpenTelemetry interoperability¶
OpenTelemetry interoperability¶
- 1-min read
- Updated on Apr 24, 2023
With Dynatrace interoperability for OpenTelemetry, you can use the instrumentation packages available from OpenTelemetry to monitor technologies (like databases or messaging frameworks) that aren't supported by the Dynatrace AWS Lambda extension out-of-the box. The Dynatrace AWS Lambda extension automatically captures the additional span instrumentation and integrates it with any other telemetry captured without any need to configure additional OpenTelemetry exporters.
OpenTelemetry is a collection of tools, APIs, and SDKs. You can use it to instrument, generate, collect, and export telemetry data (metrics, logs, and traces) for analysis to get insights into your software's performance and behavior. OpenTelemetry interoperability connects Dynatrace AWS Lambda extension to OpenTelemetry API for the respective instrumentation.
Enable OpenTelemetry interoperability¶
- For the environment variables configuration method, set the value of the
DT_OPEN_TELEMETRY_ENABLE_INTEGRATIONenvironment variable totrue. - For the JSON file configuration method, set the respective property to
truein thedtconfig.jsonfile. For example:
Learn more¶
To learn more about how OpenTelemetry interoperability works, see
- OpenTelemetry interoperability in Python
- OpenTelemetry interoperability in Node.js
- OpenTelemetry interoperability in Java
Related topics¶
Source: trace-lambda-functions.md¶
title: Trace Lambda functions source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/trace-lambda-functions scraped: 2026-02-17T04:51:18.553491
Trace Lambda functions¶
Trace Lambda functions¶
- How-to guide
- 8-min read
- Updated on Jan 23, 2026
Dynatrace provides you with a dedicated AWS Lambda layer that contains the Dynatrace extension for AWS Lambda. You need to add the publicly available layer for your runtime and region to your function. Then, based on your configuration method, Dynatrace provides a template or configuration for your AWS Lambda function.
Capabilities¶
Dynatrace provides extensive Python, Node.js, and Java monitoring capabilities:
-
Automatic distributed tracing across AWS services such as API Gateway, SQS, SNS, EventBridge and seamless integration with other AWS services. For more details, refer to AWS Lambda integration.
-
OpenTelemetry support for trace and metric ingestion.
- Native log ingestion from Lambda functions. Dynatrace supports log ingestion directly via the AWS Lambda Telemetry API, reducing dependency on CloudWatch. For more details, refer to AWS Lambda log collection.
- Cold start detection and optimization.
- Infrastructure-as-Code support (Terraform, AWS SAM, Serverless Framework).
See our supported technologies matrix for details on supported frameworks and runtimes for AWS supported runtimes.
Incoming invocations¶
For AWS Lambda invocations, Dynatrace offers generic support for all trigger types. OneAgent can capture specific information or connect the trace to any parent and therefore add additional information only for invocations made via:
- AWS SDK Lambda Invoke API
- API gateway
- Lambda function URL
- AWS SQS
- AWS SNS
- AWS EventBridge
- AWS Application Load Balancer
For other invocation types, OneAgent can't capture any specific information or connect the trace to any parent. Invocations via the AWS SDK require the client to be instrumented with Dynatrace to connect the trace.
Steps¶
Enable monitoring for AWS Lambda functions¶
To get started
- In Dynatrace Hub, select AWS Lambda.
-
Select Set up.
-
Follow the instructions to enable monitoring of AWS Lambda functions.
Choose a configuration method¶
Dynatrace OneAgent is distributed as a Lambda layer that can be enabled and configured manually or using well-known Infrastructure as Code (IaC) solutions.
The Lambda layer is stored in the Dynatrace AWS account 585768157899.
The wizard provides you with various configuration options and configuration snippets you can use in your deployment automation of choice.
Quick start vs. advanced configuration
Latest Dynatrace
This option is available only in the latest Dynatrace. For details, see Upgrade to the latest Dynatrace.
After you select your runtime, you have two different observability options:
- Quick start
This is a fast onboarding option with minimal setup. You select only the architecture, region, and configuration method. You'll monitor your environment using distributed tracing. This setup is useful for using the basic AWS Lambda functions with standard monitoring needs. * Advanced configuration
You have a much richer selection of customization options. This setup is useful for teams that need detailed observability, more control, and customizations for complex environments or specific monitoring needs. It provides integration with other AWS services, such as CloudWatch and X-Ray.
Configure with JSON file
If you select this method, Dynatrace provides you with:
- An environment variable to add to your AWS Lambda function
- A JSON snippet that you need to copy into the
dtconfig.jsonfile in the root folder of your Lambda deployment - Lambda layer ARN
When using this method, make sure that you add the Dynatrace Lambda layer to your function. You can do this through the AWS console (Add layer > Specify an ARN and paste the ARN displayed on the deployment page) or by using an automated solution of your choice.
Enter environment variables via the AWS Console

Enter the Lambda layer ARN via the AWS Console

Configure with environment variables
Environment variables can be used for configuration, but we advise using the Secrets Manager as the recommended approach for fetching a security token. For more details, refer to Fetch token from AWS Secrets Manager.
When using this method, make sure that you add the Dynatrace Lambda layer to your function. The layer, as well as the environment variables, can be set either manually through the AWS console (Add layer > Specify an ARN and paste the ARN displayed on the deployment page) or by using an automated solution of your choice.
Client-side decryption of environment variables (Security in Transit) is not supported.
If you select this method, Dynatrace provides you with:
- Values to define environment variables for the AWS Lambda functions that you want to monitor
* Lambda layer ARN

Configure and deploy using Terraform
Terraform is a popular Infrastructure as Code (IaC) solution. If you select this method, Dynatrace provides you with:
- A template to define the AWS Lambda function. This includes all the configuration that you need to deploy and configure the Dynatrace AWS Lambda extension together with your functions.
- Lambda layer ARN
Configure and deploy using AWS SAM
The AWS Serverless Application Model (SAM) is an open-source framework for building serverless applications.
If you select this method, Dynatrace provides you with a template to define the AWS Lambda function. This includes all the configuration that you need to integrate the Dynatrace AWS Lambda extension.
Configure and deploy using the serverless framework
The Serverless Application option is a framework for deploying serverless stacks.
If you select this method, Dynatrace provides you with a template to define the AWS Lambda function. This includes all the configuration that you need to integrate the Dynatrace AWS Lambda extension.
Configure and deploy using AWS CloudFormation
AWS CloudFormation is an IaC solution that enables provisioning of a wide range of AWS services.
If you select this method, Dynatrace provides you with a template to define the AWS Lambda function. This includes all the configuration that you need to integrate the Dynatrace AWS Lambda extension.
Specify a Dynatrace API endpoint¶
Optional
This is an optional step that enables you to specify a Dynatrace API endpoint to which monitoring data will be sent.
The typical scenario is to deploy a Dynatrace ActiveGate in close proximity (same region) to the Lambda functions that you want to monitor in order to reduce network latency, which can impact the execution and cold start time of your Lambda functions for (usually one) network request by OneAgent per Lambda invocation (which happens at the end of the invocation). See <#monitoring-overhead> section for typical overhead numbers.
Enable Real User Monitoring¶
Optional
This is an optional step to use Real User Monitoring (RUM), which provides you with deep insights into user actions and performance via the browser or in mobile apps.
Configure the AWS API Gateway¶
- If inbound (non-XHR) requests to your Lambda functions are not connected to the calling application, configure the API Gateway to pass through the Dynatrace tag. To do this, enable Use Lambda Proxy Integration on the Integration Request configuration page of the API Gateway.
- If the API Gateway is configured from the Lambda configuration page, this setting will be enabled by default. For more information, see Enable CORS on a resource using the API Gateway console.
AWS Lambda also supports non-proxy integration, whichâwithout some additional configurationâprevents Dynatrace from
- Tracing calls from other monitored applications
- RUM detection (web and mobile)
To make tracing calls from other monitored applications/RUM detection work in this scenario, create a custom mapping template in the integration requests configuration.
- In the AWS API Gateway Console, go to Resources and select a request method (for example, GET).
- Select Mapping Templates and then select Add mapping template.
- Add the following content to the template:
{
"path": "$context.path",
"httpMethod": "$context.httpMethod",
"headers": {
#foreach($param in ["x-dynatrace", "traceparent", "tracestate", "x-dtc", "referer", "host", "x-forwarded-proto", "x-forwarded-for", "x-forwarded-port"])
"$param": "$util.escapeJavaScript($input.params().header.get($param))"
#if($foreach.hasNext),#end
#end },
"requestContext": {
"stage": "$context.stage"
}
}
The x-dtc header is specific to tracing RUM scenarios, whereas the remaining headers are generally needed to link traces together and extract relevant information, such as web request metadata.
4. Select Save to save your configuration.
5. Redeploy your API.
Configure AWS¶
Make sure the x-dtc header is allowed in the CORS settings of your monitored Lambda functions.
RUM for Lambda functions requires a specific header (x-dtc) to be sent with XHR calls to AWS. To enable it, the CORS settings of your AWS deployment must allow the x-dtc header during preflight (OPTIONS) requests. To configure CORS and allow the x-dtc header for your specific setup, see Enable CORS on a resource using the API Gateway console in AWS documentation.
Configure Dynatrace¶
To configure the x-dtc header for calls to your Lambda functions
- Go to Web, Mobile, Frontend, or Custom Applications, depending on your application type.
- Select the application you want to connect with your Lambda function.
- Select the browse menu (â¦) in the upper-right corner and select Edit.
- Select Capturing > Async web requests and SPAs.
- Make sure that your framework of choice is enabled. If your framework is not listed, enable Capture XmlHttpRequest (XHR) for generic support of
XHR. - Select Capturing > Advanced setup.
- Scroll down to the Enable Real User Monitoring for cross-origin XHR calls section and enter a pattern that matches the URL to your Lambda functions. For example:
TheAwsUniqueId.execute-api.us-east-1.amazonaws.com - Select Save. After a few minutes, the header will be attached to all calls to your Lambda function and requests from your browser will be linked to the backend.
Failed requests
If requests start failing after enabling this option, review your CORS settings. To learn how to configure CORS, see Enable CORS on a resource using the API Gateway console in AWS documentation.
Deployment¶
Copy the configuration snippets into your deployment and use your deployment method of choice to enable the layer and set the configuration for your Lambda functions.
Configuration options¶
Fetch token from AWS Secrets Manager¶
OneAgent version 1.295+
Instead of specifying the authentication token explicitly in the configuration, you can configure OneAgent to fetch a token stored in AWS Secrets Manager.
Prerequisites
- Make sure you granted the
secretsmanager:GetSecretValuepermission for the authentication token secret ARN to the Lambda function monitored by OneAgent. For details, see Authentication and access control for AWS Secrets Manager in the AWS Secrets Manager documentation. -
Make sure the secret value contains only the plaintext authentication token value (without quotes). Note that
-
Secrets with JSON structure are not supported. For details, see Create an AWS Secrets Manager secret in the AWS Secrets Manager documentation.
- When you retrieve the secret value, Secrets Manager returns by default only the current secret version (
AWSCURRENTlabel). For details, see What's in a Secrets Manager secret? in the AWS Secrets Manager documentation.
To fetch the token for a tracing connection, set the token secret ARN either to the environment variable DT_CONNECTION_AUTH_TOKEN_SECRETS_MANAGER_ARN or the JSON property Connection.AuthTokenSecretsManagerArn.
This option always overrides DT_CONNECTION_AUTH_TOKEN (Connection.AuthToken). If the fetch fails, OneAgent won't be able to export trace data.
A fetch accesses AWS Secrets Manager only once, during the Lambda function's initialization phase; this causes an increase of the Lambda function's cold start duration.
For details on fetching the token for log collection, refer to Fetch token from AWS Secrets Manager.
Monitoring overhead¶
Enabling monitoring unavoidably induces overhead to the monitored function execution. Overhead depends on several factors, such as function runtime technology, configuration, and concrete function characteristics such as code size or execution duration and complexity.
The amount of memory configured for a function directly impacts the compute resources assigned to the function instance. For more details, see Memory and computing power.
The worst-case scenario on measured overhead is a function with an empty function handler and minimum memory configuration.
Cold start overhead¶
- For Node.js, cold start overhead is about 900 ms.
- For Java, cold start overhead is about 1,500 ms.
- For Python, cold start overhead is about 1,000 ms.
For the cold start benchmarking process, hello-world functions (only returning a response) were tested with 512 MB of allocated memory. It is important to note that the observed overhead may vary based on a few factors:
- Configured memory: A Lambda function is allocated CPU proportional to the memory configured which can influence its cold start performance. Functions with higher memory allocations typically exhibit faster initialization times due to the increased CPU allocation.
- Function implementation: The complexity of the actual function implementationâincluding external dependencies, initialization logic, and the runtime environmentâcan significantly impact the cold start duration.
- Runtime version: The specific runtime version or container image used can also influence cold start times.
When conducting performance evaluations, we recommend considering these factors, as they may affect the benchmarking results in real-world scenarios.
Response time latency¶
Latency depends on the function implementation, but is typically less than 10%. This means that the time it takes until the caller of a Lambda function receives a response might increase by 10% when the OneAgent layer is added, compared to when OneAgent is not active/present.
Code space overhead¶
The following table contains uncompressed layer sizes.
| Runtime | Code space (MB) | Code space with log collector included (MB) |
|---|---|---|
| Node.js | ~32MB | ~40MB |
| Java | ~25MB | ~32MB |
| Python | ~16MB | ~24MB |
Dynatrace AWS integration¶
While not mandatory, we recommend that you set up Dynatrace Amazon CloudWatch integration. This allows data ingested via AWS integration to be seamlessly combined with the data collected by the Dynatrace AWS Lambda extension.
For more details, refer to Amazon CloudWatch Metric Streams.
Filter cold starts¶
One of the important metrics for Lambda is the frequency of cold starts. A cold start happens when a new instance of a Lambda function is invoked. Such cold starts take longer and add latency to your requests.
A high cold-start frequency can indicate errors or an uneven load pattern that can be mitigated using provisioned concurrency. Dynatrace reports such cold starts as a property on the distributed trace.
To analyze cold starts
-
Select View all requests on the Lambda service details page.
-
In the request filter, select Function cold start in the Request property section.
-
Filter by invocations containing Only cold start or No cold start.
Known limitations¶
- HTTP connect timeouts, flush timeouts, and backoff thresholds are not configurable.
- OneAgent running on AWS Lambda does not support functionalities that require OneAgent reconfiguration through the server-side user interface.
- OneAgent for AWS Lambda uses only local settings defined via environment variables or config files, instead of pulling configuration from the Dynatrace cluster. As a result, any settings defined at the cluster level are ignored, and defaults apply unless explicitly overridden.
- Most Dynatrace AWS Lambda extensions don't capture IP addresses of outgoing HTTP requests. This results in unmonitored hosts if the called service isn't monitored with Dynatrace.
- .NET: ASP.NET core, code-level attack & vulnerability evaluation and several metrics are not supported within AWS Lambda.
- Node.js AWS Lambda extension sensors (instrumentations) don't support ECMAScript modules. This means that the extension won't properly monitor outgoing calls (for example, HTTP or AWS SDK requests).
- Node.js handlers bundled via esbuild to CommonJS can't be auto-instrumented by OneAgent. This is because the bundling process can alter how the handler function is exposed, which prevents OneAgent from detecting and instrumenting it automatically.
How to enable auto-instrumentation for Node.js handlers bundled via esbuild?
You can use a simple wrapper script to enable auto-instrumentation.
Here's a sample AWS Lambda handler written in TypeScript (index.ts):
import { Context, APIGatewayProxyResult, APIGatewayEvent } from 'aws-lambda';
export const handler = async (event: APIGatewayEvent, context: Context): Promise<APIGatewayProxyResult> => {
console.log(`Event: ${JSON.stringify(event, null, 2)}`);
console.log(`Context: ${JSON.stringify(context, null, 2)}`);
return {
statusCode: 200,
body: JSON.stringify({
message: 'hello world',
}),
};
};
-
Bundle the handler using esbuild:
2. Create a wrapper file (esbuild index.ts --bundle --minify --sourcemap --platform=node --target=es2020 --outfile=dist/index.jsesbuild_wrap.js) to expose the handler in a way that OneAgent can instrument: 3. In your AWS Lambda runtime configuration, set the handler toesbuild_wrap.handler.
OneAgent will now be able to detect and instrument the function correctly. * AWS Lambda Managed Instances deployment mode is not supported. This new hosting option allows deploying Lambda functions on AWS-managed EC2 instance clusters. The Dynatrace Lambda extension and code module layers currently do not support this deployment mode. * Managed offline clusters are not supported.
Source: aws-lambda-integration.md¶
title: Monitor AWS Lambda source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration scraped: 2026-02-18T05:40:16.245899
Monitor AWS Lambda¶
Monitor AWS Lambda¶
- Explanation
- 3-min read
- Updated on Jan 12, 2026
Dynatrace provides end-to-end observability for AWS Lambda functions through distributed tracing, log correlation, and AI-powered insights using auto-instrumentation without code changes. The OneAgent AWS Lambda extension collects logs directly from Lambda functions, offering an alternative to CloudWatch via Firehose with lower cost, lower latency, and easier setup.
[#### Trace Lambda functions
Monitor AWS Lambda functions.
- How-to guide
Read this guide](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/trace-lambda-functions)[#### Trace .NET Lambda functions
Trace AWS Lambda functions using a .NET runtime
- How-to guide
Read this guide](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/aws-lambda-classic/aws-lambda-otel-integration)
[#### AWS Lambda log collection
Collect logs from AWS Lambda functions
- How-to guide
Read this guide](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/collector)[#### Monitor AWS Lambda (built-in)
Monitor AWS Lambda (built-in) and view available metrics.
- How-to guide
Read this guide](/docs/ingest-from/amazon-web-services/integrate-with-aws/cloudwatch-metrics/aws-lambda-cloudwatch-metrics/lambda-builtin)
[#### Integrate Dynatrace Lambda Layer on container images
Deploy Dynatrace Lambda Layers when deployed via a container image.
- How-to guide
Read this guide](/docs/ingest-from/amazon-web-services/integrate-into-aws/aws-lambda-integration/deploy-oa-latest-lambda-container-images)
Integrations¶
AWS Lambda instrumentation is available for the following runtimes:
| Runtime | Lambda layer version1 | Applies to Lambda Classic |
|---|---|---|
| Python | 1.321 (or later) | Yes |
| Node.js | 1.319 (or later) | Yes |
| Java | 1.319 (or later) | Yes |
| .NET | Coming soon | Yes |
| GO | Coming soon | Log Monitoring only |
1
Managed offline clusters are not supported.
For more details, see Technology support.
Monitoring consumption¶
For AWS Lambda, monitoring consumption is based on Davis data units. See Serverless monitoring for details.
Related topics¶
Source: aws-service-appstream-2.md¶
title: Amazon AppStream 2.0 monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-appstream-2 scraped: 2026-02-17T21:30:41.488581
Amazon AppStream 2.0 monitoring¶
Amazon AppStream 2.0 monitoring¶
- How-to guide
- 2-min read
- Published Sep 08, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including Amazon AppStream 2.0. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in a SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.201+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
Fleet is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| ActualCapacity | The total number of instances that are available for streaming or are currently streaming. ActualCapacity = AvailableCapacity + InUseCapacity. |
Count | Multi | Fleet | Applicable |
| AvailableCapacity | The number of idle instances currently available for user sessions. AvailableCapacity = ActualCapacity - InUseCapacity. |
Count | Multi | Fleet | Applicable |
| CapacityUtilization | The percentage of instances in a fleet that are being used, using the following formula. CapacityUtilization = (InUseCapacity/ActualCapacity) Ã 100. |
Percent | Multi | Fleet | Applicable |
| DesiredCapacity | The total number of instances that are either running or pending. This represents the total number of concurrent streaming sessions your fleet can support in a steady state. DesiredCapacity = ActualCapacity + PendingCapacity. |
Count | Multi | Fleet | Applicable |
| InUseCapacity | The number of instances currently being used for streaming sessions. One InUseCapacity count represents one streaming session. |
Count | Multi | Fleet | Applicable |
| InsufficientCapacityError | The number of session requests rejected due to lack of capacity. | Count | Sum | Fleet | |
| PendingCapacity | The number of instances being provisioned by AppStream 2.0. Represents the additional number of streaming sessions the fleet can support after provisioning is complete. When provisioning starts, it usually takes 10-20 minutes for an instance to become available for streaming. | Count | Multi | Fleet | Applicable |
Source: aws-service-appsync.md¶
title: AWS AppSync monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-appsync scraped: 2026-02-18T05:56:53.462765
AWS AppSync monitoring¶
AWS AppSync monitoring¶
- How-to guide
- 3-min read
- Published Jul 06, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including AWS AppSync. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.200+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
GraphQLAPIId is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| ActiveConnections | The number of concurrent WebSocket connections from clients to AWS AppSync in 1 minute | Count | Sum | GraphQLAPIId | Applicable |
| ActiveSubscriptions | The number of concurrent subscriptions from clients in 1 minute | Count | Sum | GraphQLAPIId | Applicable |
| ConnectClientError | The number of WebSocket connections that were rejected by AWS AppSync because of client-side errors | Count | Sum | GraphQLAPIId | Applicable |
| ConnectServerError | The number of errors that originated from AWS AppSync while processing connections | Count | Sum | GraphQLAPIId | Applicable |
| ConnectSuccess | The number of successful WebSocket connections to AWS AppSync | Count | Sum | GraphQLAPIId | Applicable |
| ConnectionDuration | The amount of time that the connection stays open | Milliseconds | Multi | GraphQLAPIId | Applicable |
| DisconnectClientError | The number of errors that originated from AWS AppSync when disconnecting WebSocket connections due to client-side errors | Count | Sum | GraphQLAPIId | Applicable |
| DisconnectServerError | The number of errors that originated from AWS AppSync when disconnecting WebSocket connections while processing connections | Count | Sum | GraphQLAPIId | Applicable |
| DisconnectSuccess | The number of successful WebSocket disconnections from AWS AppSync | Count | Sum | GraphQLAPIId | Applicable |
| Latency | The time between when AWS AppSync receives a request from a client and when it returns a response to the client | Milliseconds | Multi | GraphQLAPIId | Applicable |
| PublishDataMessageClientError | The number of subscription event messages that failed to publish because of client-side errors | Count | Sum | GraphQLAPIId | Applicable |
| PublishDataMessageServerError | The number of errors that originated from AWS AppSync while publishing subscription event messages | Count | Sum | GraphQLAPIId | Applicable |
| PublishDataMessageSize | The size of subscription event messages published | Bytes | Multi | GraphQLAPIId | Applicable |
| PublishDataMessageSize | Bytes | Sum | GraphQLAPIId | Applicable | |
| PublishDataMessageSuccess | The number of subscription event messages that were successfully published | Count | Sum | GraphQLAPIId | Applicable |
| SubscribeServerError | The number of errors that originated from AWS AppSync while processing subscriptions | Count | Sum | GraphQLAPIId | Applicable |
| SubscribeSuccess | The number of subscriptions that were successfully registered to AWS AppSync through WebSocket | Count | Sum | GraphQLAPIId | Applicable |
| UnsubscribeClientError | The number of unsubscriptions that were rejected by AWS AppSync because of client-side errors | Count | Sum | GraphQLAPIId | Applicable |
| UnsubscribeServerError | The number of errors that originated from AWS AppSync while processing unsubscriptions | Count | Sum | GraphQLAPIId | Applicable |
| UnsubscribeSuccess | The number of unsubscriptions that were successfully processed from AWS AppSync | Count | Sum | GraphQLAPIId | Applicable |
| 4XXError | The number of client-side errors captured in a given period | Count | Sum | GraphQLAPIId | Applicable |
| 5XXError | The number of server-side errors captured in a given period | Count | Sum | GraphQLAPIId | Applicable |
Limitations¶
While Dynatrace doesn't support WebSocket traffic, the AppSync integration shows the WebSocket URL as part of the properties for the custom devices that are created.
Source: aws-service-chatbot.md¶
title: AWS Chatbot monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-chatbot scraped: 2026-02-18T05:56:14.730679
AWS Chatbot monitoring¶
AWS Chatbot monitoring¶
- How-to guide
- 1-min read
- Published Sep 08, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including AWS Chatbot. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in a SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.201+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
ConfigurationName is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| EventsProcessed | The number of event notifications received by AWS Chatbot | Count | Sum | ConfigurationName | Applicable |
| EventsProcessed | Count | Sum | Region | Applicable | |
| EventsThrottled | The number of throttled notifications | Count | Sum | Region | Applicable |
| MessageDeliveryFailure | The number of messages that failed to deliver to the chat client | Count | Sum | ConfigurationName | Applicable |
| MessageDeliveryFailure | Count | Sum | Region | Applicable | |
| MessageDeliverySuccess | The number of messages successfully delivered to the chat client | Count | Sum | ConfigurationName | |
| MessageDeliverySuccess | Count | Sum | Region | ||
| UnsupportedEvents | The number of unsupported events or messages attempted | Count | Sum | ConfigurationName | Applicable |
| UnsupportedEvents | Count | Sum | Region | Applicable |
Limitations¶
The metrics for throttled events are region-wide and have no dimension for any specific configuration.
Dynatrace entities of this AWS service are not enriched with the ARN property.
Source: aws-service-cloudhsm-v2.md¶
title: AWS CloudHSM (V2) monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-cloudhsm-v2 scraped: 2026-02-18T05:48:41.398395
AWS CloudHSM (V2) monitoring¶
AWS CloudHSM (V2) monitoring¶
- How-to guide
- 4-min read
- Published Jul 06, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including AWS CloudHSM (V2). You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.200+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
ClusterId is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| HsmUnhealthy | The HSM instance is not performing properly | None | Multi | ClusterId, HsmId | Applicable |
| HsmUnhealthy | None | Multi | ClusterId | Applicable | |
| HsmUnhealthy | None | Multi | Region | Applicable | |
| HsmTemperature | Junction temperature of the hardware processor | None | Multi | ClusterId, HsmId | Applicable |
| HsmTemperature | None | Multi | ClusterId | Applicable | |
| HsmTemperature | None | Multi | Region | ||
| HsmKeysSessionOccupied | Number of session keys being used by the HSM instance | Count | Multi | ClusterId, HsmId | Applicable |
| HsmKeysSessionOccupied | Count | Multi | ClusterId | Applicable | |
| HsmKeysSessionOccupied | Count | Multi | Region | Applicable | |
| HsmKeysTokenOccupied | Number of token keys being used by the HSM instance and the cluster | Count | Multi | ClusterId, HsmId | Applicable |
| HsmKeysTokenOccupied | Count | Multi | ClusterId | Applicable | |
| HsmKeysTokenOccupied | Count | Multi | Region | Applicable | |
| HsmSslCtxsOccupied | Number of end-to-end encrypted channels currently established for the HSM instance | Count | Multi | ClusterId, HsmId | Applicable |
| HsmSslCtxsOccupied | Count | Multi | ClusterId | Applicable | |
| HsmSslCtxsOccupied | Count | Multi | Region | ||
| HsmSessionCount | Number of open connections to the HSM instance | Count | Multi | ClusterId, HsmId | Applicable |
| HsmSessionCount | Count | Multi | ClusterId | Applicable | |
| HsmSessionCount | Count | Multi | Region | ||
| HsmUsersAvailable | Number of additional users that can be created | Count | Multi | ClusterId, HsmId | Applicable |
| HsmUsersAvailable | Count | Multi | ClusterId | Applicable | |
| HsmUsersAvailable | Count | Multi | Region | ||
| HsmUsersMax | Maximum number of users that can be created on the HSM instance | Count | Maximum | ClusterId, HsmId | Applicable |
| HsmUsersMax | Count | Maximum | ClusterId | Applicable | |
| HsmUsersMax | Count | Maximum | Region | ||
| InterfaceEth2DroppedInput | Number of dropped packets on input | Count | Average | ClusterId, HsmId | |
| InterfaceEth2DroppedInput | Count | Average | ClusterId | ||
| InterfaceEth2DroppedInput | Count | Average | Region | ||
| InterfaceEth2ErrorsInput | Number of error packets on input | Count | Average | ClusterId, HsmId | |
| InterfaceEth2ErrorsInput | Count | Average | ClusterId | ||
| InterfaceEth2ErrorsInput | Count | Average | Region | ||
| InterfaceEth2OctetsInput | Cumulative sum of traffic to the HSM to date | Count | Average | ClusterId, HsmId | |
| InterfaceEth2OctetsInput | Count | Average | ClusterId | ||
| InterfaceEth2OctetsInput | Count | Average | Region | ||
| InterfaceEth2PacketsInput | Total number of packets on input | Count | Average | ClusterId, HsmId | |
| InterfaceEth2PacketsInput | Count | Average | ClusterId | ||
| InterfaceEth2PacketsInput | Count | Average | Region | ||
| InterfaceEth2DroppedOutput | Number of dropped packets on output | Count | Average | ClusterId, HsmId | |
| InterfaceEth2DroppedOutput | Count | Average | ClusterId | ||
| InterfaceEth2DroppedOutput | Count | Average | Region | ||
| InterfaceEth2ErrorsOutput | Number of error packets on output | Count | Average | ClusterId, HsmId | |
| InterfaceEth2ErrorsOutput | Count | Average | ClusterId | ||
| InterfaceEth2ErrorsOutput | Count | Average | Region | ||
| InterfaceEth2OctetsOutput | Cumulative sum of traffic from the HSM to date | Count | Average | ClusterId, HsmId | |
| InterfaceEth2OctetsOutput | Count | Average | ClusterId | ||
| InterfaceEth2OctetsOutput | Count | Average | Region | ||
| InterfaceEth2PacketsOutput | Total number of packets on output | Count | Average | ClusterId, HsmId | |
| InterfaceEth2PacketsOutput | Count | Average | ClusterId | ||
| InterfaceEth2PacketsOutput | Count | Average | Region |
Limitations¶
CloudHSM Classic isn't supported.
Source: aws-service-cloudwatch-logs.md¶
title: Amazon CloudWatch Logs monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-cloudwatch-logs scraped: 2026-02-16T09:38:55.518429
Amazon CloudWatch Logs monitoring¶
Amazon CloudWatch Logs monitoring¶
- How-to guide
- 2-min read
- Published Sep 08, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including Amazon CloudWatch Logs. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in a SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.201+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
LogGroupName is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| DeliveryErrors | The number of log events for which CloudWatch Logs received an error when forwarding data to the subscription destination | Count | Sum | LogGroupName, DestinationType, FilterName | Applicable |
| DeliveryThrottling | The number of log events for which CloudWatch Logs was throttled when forwarding data to the subscription destination | Count | Sum | LogGroupName, DestinationType, FilterName | Applicable |
| ForwardedBytes | The volume of log events in compressed bytes forwarded to the subscription destination | Bytes | Sum | LogGroupName, DestinationType, FilterName | Applicable |
| ForwardedLogEvents | The number of log events forwarded to the subscription destination | Count | Sum | LogGroupName, DestinationType, FilterName | Applicable |
| IncomingBytes | The volume of log events in uncompressed bytes uploaded to CloudWatch Logs. When used with the LogGroupName dimension, this is the volume of log events in uncompressed bytes uploaded to the log group. |
Bytes | Sum | LogGroupName | Applicable |
| IncomingBytes | Bytes | Sum | Region | Applicable | |
| IncomingLogEvents | The number of log events uploaded to CloudWatch Logs. When used with the LogGroupName dimension, this is the number of log events uploaded to the log group. |
Count | Sum | LogGroupName | Applicable |
| IncomingLogEvents | Count | Sum | Region | Applicable |
Source: aws-service-codebuild.md¶
title: AWS CodeBuild monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-codebuild scraped: 2026-02-15T21:25:09.143272
AWS CodeBuild monitoring¶
AWS CodeBuild monitoring¶
- How-to guide
- 4-min read
- Published Sep 08, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including AWS CodeBuild. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in a SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.201+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
ProjectName is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| BuildDuration | Measures the duration of the build's BUILD phase |
Seconds | Multi | Region | |
| BuildDuration | Seconds | Multi | ProjectName | Applicable | |
| Builds | Measures the number of builds triggered | Count | Sum | Region | Applicable |
| Builds | Count | Sum | ProjectName | Applicable | |
| CPUUtilized | The number of CPU units of allocated processing used by the build container | None | Multi | ProjectName | |
| CPUUtilized | None | Multi | ProjectName, BuildId, BuildNumber | ||
| CPUUtilizedPercent | The percentage of allocated processing used by the build container | Percent | Multi | ProjectName | |
| CPUUtilizedPercent | Percent | Multi | ProjectName, BuildId, BuildNumber | Applicable | |
| DownloadSourceDuration | Measures the duration of the build's DOWNLOAD_SOURCE phase |
Seconds | Multi | Region | |
| DownloadSourceDuration | Seconds | Multi | ProjectName | ||
| Duration | Measures the duration of all builds over time | Seconds | Multi | Region | |
| Duration | Seconds | Multi | ProjectName | Applicable | |
| FailedBuilds | Measures the number of builds that failed because of client error or a timeout | Count | Sum | Region | Applicable |
| FailedBuilds | Count | Sum | ProjectName | Applicable | |
| FinalizingDuration | Measures the duration of the build's FINALIZING phase |
Seconds | Multi | Region | |
| FinalizingDuration | Seconds | Multi | ProjectName | ||
| InstallDuration | Measures the duration of the build's INSTALL phase |
Seconds | Multi | Region | |
| InstallDuration | Seconds | Multi | ProjectName | ||
| MemoryUtilized | The number of megabytes of memory used by the build container | Megabytes | Multi | ProjectName | |
| MemoryUtilized | Megabytes | Multi | ProjectName, BuildId, BuildNumber | ||
| MemoryUtilizedPercent | The percentage of allocated memory used by the build container | Percent | Multi | ProjectName | |
| MemoryUtilizedPercent | Percent | Multi | ProjectName, BuildId, BuildNumber | Applicable | |
| PostBuildDuration | Measures the duration of the build's POST_BUILD phase |
Seconds | Multi | Region | |
| PostBuildDuration | Seconds | Multi | ProjectName | ||
| PreBuildDuration | Measures the duration of the build's PRE_BUILD phase |
Seconds | Multi | Region | |
| PreBuildDuration | Seconds | Multi | ProjectName | ||
| ProvisioningDuration | Measures the duration of the build's PROVISIONING phase |
Seconds | Multi | Region | |
| ProvisioningDuration | Seconds | Multi | ProjectName | ||
| QueuedDuration | Measures the duration of the build's QUEUED phase |
Seconds | Multi | Region | |
| QueuedDuration | Seconds | Multi | ProjectName | Applicable | |
| StorageReadBytes | The storage read speed used by the build container | Bytes/Second | Multi | ProjectName | |
| StorageReadBytes | Bytes/Second | Multi | ProjectName, BuildId, BuildNumber | Applicable | |
| StorageWriteBytes | The storage write speed used by the build container | Bytes/Second | Multi | ProjectName | |
| StorageWriteBytes | Bytes/Second | Multi | ProjectName, BuildId, BuildNumber | Applicable | |
| SubmittedDuration | Measures the duration of the build's SUBMITTED phase |
Seconds | Multi | Region | |
| SubmittedDuration | Seconds | Multi | ProjectName | ||
| SucceededBuilds | Measures the number of successful builds | Count | Sum | Region | Applicable |
| SucceededBuilds | Count | Sum | ProjectName | Applicable | |
| UploadArtifactsDuration | Measures the duration of the build's UPLOAD_ARTIFACTS phase |
Seconds | Multi | Region | |
| UploadArtifactsDuration | Seconds | Multi | ProjectName |
Source: aws-service-database-migration-service-dms.md¶
title: AWS DMS (Database Migration Service) monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-database-migration-service-dms scraped: 2026-02-17T21:29:33.675645
AWS DMS (Database Migration Service) monitoring¶
AWS DMS (Database Migration Service) monitoring¶
- How-to guide
- 9-min read
- Published Aug 12, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including AWS DMS. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.200+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
ReplicationInstanceIdentifier is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| CDCChangesDiskSource | Amount of rows accumulating on disk and waiting to be committed from the source | Count | Sum | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | |
| CDCChangesDiskTarget | Amount of rows accumulating on disk and waiting to be committed to the target | Count | Sum | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | |
| CDCChangesMemorySource | Amount of rows accumulating in memory and waiting to be committed from the source | Count | Sum | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | |
| CDCChangesMemoryTarget | Amount of rows accumulating in memory and waiting to be committed to the target | Count | Sum | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | |
| CDCIncomingChanges | The total number of change events at a point in time that are waiting to be applied to the target | Count | Sum | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | Applicable |
| CDCLatencySource | The gap, in seconds, between the last event captured from the source endpoint and the current system timestamp of the AWS DMS instance. CDCLatencySource represents the latency between source and replication instance. | Seconds | Multi | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | Applicable |
| CDCLatencyTarget | The gap, in seconds, between the first event timestamp waiting to commit on the target and the current timestamp of the AWS DMS instance. CDCLatencyTarget represents the latency between replication instance and target. | Seconds | Multi | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | Applicable |
| CDCThroughputBandwidthSource | Incoming data received for the source in KB per second | Kilobytes/Second | Multi | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | Applicable |
| CDCThroughputBandwidthTarget | Outgoing data transmitted for the target in KB per second | Kilobytes/Second | Multi | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | Applicable |
| CDCThroughputRowsSource | Incoming task changes from the source in rows per second | Count/Second | Multi | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | Applicable |
| CDCThroughputRowsTarget | Outgoing task changes for the target in rows per second | Count/Second | Multi | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | Applicable |
| CPUAllocated | The percentage of CPU maximally allocated for the task (0 means no limit) | Percent | Multi | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | |
| CPUUtilization | The amount of CPU used | Percent | Multi | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | Applicable |
| CPUUtilization | Percent | Multi | ReplicationInstanceIdentifier | Applicable | |
| CPUUtilization | Percent | Multi | Region, ReplicationInstanceExternalResourceId | Applicable | |
| CPUUtilization | Percent | Multi | Region | Applicable | |
| CPUUtilization | Percent | Multi | Region, InstanceClass | ||
| DiskQueueDepth | The number of outstanding I/Os (read/write requests) waiting to access the disk | Count | Multi | Region, ReplicationInstanceExternalResourceId | |
| DiskQueueDepth | Count | Multi | Region | ||
| DiskQueueDepth | Count | Multi | Region, InstanceClass | ||
| DiskQueueDepth | Count | Multi | ReplicationInstanceIdentifier | ||
| FreeStorageSpace | The amount of available storage space | Bytes | Multi | ReplicationInstanceIdentifier | Applicable |
| FreeStorageSpace | Bytes | Multi | Region, ReplicationInstanceExternalResourceId | ||
| FreeStorageSpace | Bytes | Multi | Region | ||
| FreeStorageSpace | Bytes | Multi | Region, InstanceClass | ||
| FreeableMemory | The amount of available RAM | Bytes | Multi | ReplicationInstanceIdentifier | Applicable |
| FreeableMemory | Bytes | Multi | Region, ReplicationInstanceExternalResourceId | ||
| FreeableMemory | Bytes | Multi | Region | ||
| FreeableMemory | Bytes | Multi | Region, InstanceClass | ||
| FullLoadThroughputBandwidthSource | Incoming data received from a full load from the source in kilobytes (KB) per second | Kilobytes/Second | Multi | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | Applicable |
| FullLoadThroughputBandwidthTarget | Outgoing data transmitted from a full load for the target in kilobytes (KB) per second | Kilobytes/Second | Multi | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | Applicable |
| FullLoadThroughputRowsSource | Incoming changes from a full load from the source in rows per second | Count/Second | Multi | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | Applicable |
| FullLoadThroughputRowsTarget | Outgoing changes from a full load for the target in rows per second | Count/Second | Multi | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | Applicable |
| MemoryAllocated | The maximum allocation of memory for the task (0 means no limits) | Megabytes | Multi | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | |
| MemoryUsage | The resident set size (RSS) occupied by a task. It indicates the portion of memory occupied by a task held in main memory (RAM). | Megabytes | Multi | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | Applicable |
| NetworkReceiveThroughput | The incoming (receive) network traffic on the replication instance, including both customer database traffic and AWS DMS traffic used for monitoring and replication | Bytes/Second | Multi | ReplicationInstanceIdentifier | Applicable |
| NetworkReceiveThroughput | Bytes/Second | Multi | Region, ReplicationInstanceExternalResourceId | ||
| NetworkReceiveThroughput | Bytes/Second | Multi | Region | ||
| NetworkReceiveThroughput | Bytes/Second | Multi | Region, InstanceClass | ||
| NetworkTransmitThroughput | The outgoing (transmit) network traffic on the replication instance, including both customer database traffic and AWS DMS traffic used for monitoring and replication | Bytes/Second | Multi | ReplicationInstanceIdentifier | Applicable |
| NetworkTransmitThroughput | Bytes/Second | Multi | Region, ReplicationInstanceExternalResourceId | ||
| NetworkTransmitThroughput | Bytes/Second | Multi | Region | ||
| NetworkTransmitThroughput | Bytes/Second | Multi | Region, InstanceClass | ||
| ReadIOPS | The average number of disk read I/O operations per second | Count/Second | Multi | ReplicationInstanceIdentifier | Applicable |
| ReadIOPS | Count/Second | Multi | Region, ReplicationInstanceExternalResourceId | ||
| ReadIOPS | Count/Second | Multi | Region | ||
| ReadIOPS | Count/Second | Multi | Region, InstanceClass | ||
| ReadLatency | The average amount of time taken per disk I/O (input) operation | Seconds | Multi | ReplicationInstanceIdentifier | Applicable |
| ReadLatency | Seconds | Multi | Region, ReplicationInstanceExternalResourceId | ||
| ReadLatency | Seconds | Multi | Region | ||
| ReadLatency | Seconds | Multi | Region, InstanceClass | ||
| ReadThroughput | The average number of bytes read from disk per second | Bytes/Second | Multi | ReplicationInstanceIdentifier | Applicable |
| ReadThroughput | Bytes/Second | Multi | Region, ReplicationInstanceExternalResourceId | ||
| ReadThroughput | Bytes/Second | Multi | Region | ||
| ReadThroughput | Bytes/Second | Multi | Region, InstanceClass | ||
| RecoveryCount | Count | Sum | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | Applicable | |
| RunCounter | Count | Sum | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | Applicable | |
| SwapUsage | The amount of swap space used on the replication instance | Bytes | Multi | ReplicationInstanceIdentifier | Applicable |
| SwapUsage | Bytes | Multi | Region, ReplicationInstanceExternalResourceId | ||
| SwapUsage | Bytes | Multi | Region | ||
| SwapUsage | Bytes | Multi | Region, InstanceClass | ||
| ValidationAttemptedRecordCount | Number of rows that validation was attempted, per minute | Count | Sum | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | Applicable |
| ValidationBulkQuerySourceLatency | AWS DMS can do data validation in bulk, especially in certain scenarios during a full-load or ongoing replication when there are many changes. This metric indicates the latency required to read a bulk set of data from the source endpoint. | Milliseconds | Multi | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | Applicable |
| ValidationBulkQueryTargetLatency | AWS DMS can do data validation in bulk, especially in certain scenarios during a full-load or ongoing replication when there are many changes. This metric indicates the latency required to read a bulk set of data on the target endpoint. | Milliseconds | Multi | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | Applicable |
| ValidationFailedOverallCount | Number of rows where validation failed | Count | Sum | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | Applicable |
| ValidationItemQuerySourceLatency | During ongoing replication, data validation can identify ongoing changes and validate those changes. This metric indicates the latency in reading those changes from the source. | Milliseconds | Multi | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | |
| ValidationItemQueryTargetLatency | During ongoing replication, data validation can identify ongoing changes and validate the changes row by row. This metric gives us the latency in reading those changes from the target. | Milliseconds | Multi | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | |
| ValidationPendingOverallCount | Number of rows where the validation is still pending | Count | Sum | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | Applicable |
| ValidationSucceededRecordCount | Number of rows that AWS DMS validated, per minute | Count | Sum | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | Applicable |
| ValidationSuspendedOverallCount | Number of rows where validation was suspended | Count | Sum | ReplicationInstanceIdentifier, ReplicationTaskIdentifier | Applicable |
| WriteIOPS | The average number of disk write I/O operations per second | Count/Second | Multi | ReplicationInstanceIdentifier | Applicable |
| WriteIOPS | Count/Second | Multi | Region, ReplicationInstanceExternalResourceId | ||
| WriteIOPS | Count/Second | Multi | Region | ||
| WriteIOPS | Count/Second | Multi | Region, InstanceClass | ||
| WriteLatency | The average amount of time taken per disk I/O (output) operation | Seconds | Multi | ReplicationInstanceIdentifier | Applicable |
| WriteLatency | Seconds | Multi | Region, ReplicationInstanceExternalResourceId | ||
| WriteLatency | Seconds | Multi | Region | ||
| WriteLatency | Seconds | Multi | Region, InstanceClass | ||
| WriteThroughput | The average number of bytes written to disk per second | Bytes/Second | Multi | ReplicationInstanceIdentifier | Applicable |
| WriteThroughput | Bytes/Second | Multi | Region, ReplicationInstanceExternalResourceId | ||
| WriteThroughput | Bytes/Second | Multi | Region | ||
| WriteThroughput | Bytes/Second | Multi | Region, InstanceClass |
Limitations¶
To collect metrics about changes captured by the migration task (CDC metrics) on MySQL, the binary logging and automatic backup settings should be enabled.
Source: aws-service-direct-connect.md¶
title: AWS Direct Connect monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-direct-connect scraped: 2026-02-18T05:57:52.258889
AWS Direct Connect monitoring¶
AWS Direct Connect monitoring¶
- How-to guide
- 2-min read
- Published Sep 08, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including AWS Direct Connect. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in a SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.201+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
ConnectionId is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| ConnectionBpsEgress | The bitrate for outbound data from the AWS side of the connection | Bits/Second | Multi | ConnectionId | Applicable |
| ConnectionBpsIngress | The bitrate for inbound data to the AWS side of the connection | Bits/Second | Multi | ConnectionId | Applicable |
| ConnectionErrorCount | The total error count for all types of MAC level errors on the AWS device | Count | Sum | ConnectionId | Applicable |
| ConnectionLightLevelRx | The health of the fiber connection for inbound (ingress) traffic to the AWS side of the connection | DecibelMilliWatts | Multi | ConnectionId, OpticalLaneNumber | Applicable |
| ConnectionLightLevelTx | The health of the fiber connection for outbound (egress) traffic from the AWS side of the connection | DecibelMilliWatts | Multi | ConnectionId, OpticalLaneNumber | Applicable |
| ConnectionPpsEgress | The packet rate for outbound data from the AWS side of the connection | Count/Second | Multi | ConnectionId | |
| ConnectionPpsIngress | The packet rate for inbound data to the AWS side of the connection | Count/Second | Multi | ConnectionId | |
| ConnectionState | The state of the connection (up or down) | None | Multi | ConnectionId | Applicable |
| VirtualInterfaceBpsEgress | The bitrate for outbound data from the AWS side of the virtual interface | Bits/Second | Multi | ConnectionId, VirtualInterfaceId | Applicable |
| VirtualInterfaceBpsIngress | The bitrate for inbound data to the AWS side of the virtual interface | Bits/Second | Multi | ConnectionId, VirtualInterfaceId | Applicable |
| VirtualInterfacePpsEgress | The packet rate for outbound data from the AWS side of the virtual interface | Count/Second | Multi | ConnectionId, VirtualInterfaceId | |
| VirtualInterfacePpsIngress | The packet rate for inbound data to the AWS side of the virtual interface | Count/Second | Multi | ConnectionId, VirtualInterfaceId |
Source: aws-service-dynamodb-new.md¶
title: Amazon DynamoDB monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-dynamodb-new scraped: 2026-02-15T09:13:53.543098
Amazon DynamoDB monitoring¶
Amazon DynamoDB monitoring¶
- How-to guide
- 7-min read
- Updated on Nov 15, 2023
For information about differences between classic services and other services, see Migrate from AWS classic (formerly 'built-in') services to cloud services.
Dynatrace ingests metrics for multiple preselected namespaces, including Amazon DynamoDB. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.200+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
You can also view metrics in the Dynatrace web UI on dashboards. There is no preset dashboard available for this service, but you can create your own dashboard.
To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |
Available metrics¶
This service monitors a part of Amazon DynamoDB (AWS/DynamoDB). While you have this service configured, you can't have Amazon Dynamo Database (built-in) service turned on.
TableName is the main dimension.
| Name | Description | Dimensions | Unit | Recommended |
|---|---|---|---|---|
| ConsumedReadCapacityUnits | The number of read capacity units consumed over the specified time period for both provisioned and on-demand capacity, so you can track how much of your throughput is used. | TableName | Count | Applicable |
| ConsumedReadCapacityUnits | The number of read capacity units consumed over the specified time period for both provisioned and on-demand capacity, so you can track how much of your throughput is used. | TableName, GlobalSecondaryIndexName | Count | |
| MaxProvisionedTableReadCapacityUtilization | The percentage of provisioned read capacity utilized by the highest provisioned read table or global secondary index of an account. | Region | Percent | |
| SuccessfulRequestLatency | The latency of successful requests to DynamoDB or Amazon DynamoDB Streams during the specified time period. | TableName, Operation | Milliseconds | Applicable |
| ReturnedItemCount | The number of items returned by Query, Scan or ExecuteStatement (select) operations during the specified time period. | TableName, Operation | Count | Applicable |
| AccountProvisionedReadCapacityUtilization | The percentage of provisioned read capacity units utilized by an account. | Region | Percent | |
| MaxProvisionedTableWriteCapacityUtilization | The percentage of provisioned write capacity utilized by the highest provisioned write table or global secondary index of an account. | Region | Percent | |
| AccountMaxTableLevelWrites | The maximum number of write capacity units that can be used by a table or global secondary index of an account. | Region | Count | |
| AccountMaxReads | The maximum number of read capacity units that can be used by an account. | Region | Count | |
| ConsumedWriteCapacityUnits | The number of write capacity units consumed over the specified time period for both provisioned and on-demand capacity, so you can track how much of your throughput is used. | TableName | Count | Applicable |
| ConsumedWriteCapacityUnits | The number of write capacity units consumed over the specified time period for both provisioned and on-demand capacity, so you can track how much of your throughput is used. | TableName, GlobalSecondaryIndexName | Count | |
| AccountMaxTableLevelReads | The maximum number of read capacity units that can be used by a table or global secondary index of an account. | Region | Count | |
| ProvisionedReadCapacityUnits | The number of provisioned read capacity units for a table or a global secondary index. | TableName | Count | Applicable |
| ProvisionedReadCapacityUnits | The number of provisioned read capacity units for a table or a global secondary index. | TableName, GlobalSecondaryIndexName | Count | |
| ProvisionedWriteCapacityUnits | The number of provisioned write capacity units for a table or a global secondary index. | TableName | Count | Applicable |
| ProvisionedWriteCapacityUnits | The number of provisioned write capacity units for a table or a global secondary index. | TableName, GlobalSecondaryIndexName | Count | |
| AccountProvisionedWriteCapacityUtilization | The percentage of provisioned write capacity units utilized by an account. | Region | Percent | |
| AccountMaxWrites | The maximum number of write capacity units that can be used by an account. | Region | Count | |
| AgeOfOldestUnreplicatedRecord | The elapsed time since a record yet to be replicated to the Kinesis data stream first appeared in the DynamoDB table. | TableName, DelegatedOperation | Milliseconds | |
| ConditionalCheckFailedRequests | The number of failed attempts to perform conditional writes. | TableName | Count | Applicable |
| ConsumedChangeDataCaptureUnits | TableName, DelegatedOperation | Count | ||
| FailedToReplicateRecordCount | The number of records that DynamoDB failed to replicate to your Kinesis data stream. | TableName, DelegatedOperation | Count | |
| OnlineIndexConsumedWriteCapacity | The number of write capacity units consumed when adding a new global secondary index to a table. | TableName | Count | |
| OnlineIndexConsumedWriteCapacity | The number of write capacity units consumed when adding a new global secondary index to a table. | TableName, GlobalSecondaryIndexName | Count | |
| OnlineIndexPercentageProgress | The percentage of completion when a new global secondary index is being added to a table. | TableName | Count | |
| OnlineIndexPercentageProgress | The percentage of completion when a new global secondary index is being added to a table. | TableName, GlobalSecondaryIndexName | Count | |
| OnlineIndexThrottleEvents | The number of write throttle events that occur when adding a new global secondary index to a table. | TableName | Count | |
| OnlineIndexThrottleEvents | The number of write throttle events that occur when adding a new global secondary index to a table. | TableName, GlobalSecondaryIndexName | Count | |
| PendingReplicationCount | The number of item updates that are written to one replica table, but that have not yet been written to another replica in the global table. | TableName, ReceivingRegion | Count | |
| ReadThrottleEvents | Requests to DynamoDB that exceed the provisioned read capacity units for a table or a global secondary index. | TableName | Count | Applicable |
| ReadThrottleEvents | Requests to DynamoDB that exceed the provisioned read capacity units for a table or a global secondary index. | TableName, GlobalSecondaryIndexName | Count | |
| ReplicationLatency | The elapsed time between an updated item appearing in the DynamoDB stream for one replica table, and that item appearing in another replica in the global table. | TableName, ReceivingRegion | Milliseconds | |
| ReturnedBytes | The number of bytes returned by GetRecords operations (Amazon DynamoDB Streams) during the specified time period. | TableName, Operation, StreamLabel | Bytes | |
| ReturnedRecordsCount | The number of stream records returned by GetRecords operations (Amazon DynamoDB Streams) during the specified time period. | TableName, Operation, StreamLabel | Count | |
| SystemErrors | The requests to DynamoDB or Amazon DynamoDB Streams that generate an HTTP 500 status code during the specified time period. | TableName, Operation | Count | Applicable |
| TimeToLiveDeletedItemCount | The number of items deleted by Time to Live (TTL) during the specified time period. | TableName | Count | |
| ThrottledPutRecordCount | The number of records that were throttled by your Kinesis data stream due to insufficient Kinesis Data Streams capacity. | TableName, DelegatedOperation | Count | |
| ThrottledRequests | Requests to DynamoDB that exceed the provisioned throughput limits on a resource (such as a table or an index). | TableName, Operation | Count | Applicable |
| TransactionConflict | Rejected item-level requests due to transactional conflicts between concurrent requests on the same items. | TableName | Count | Applicable |
| UserErrors | Requests to DynamoDB or Amazon DynamoDB Streams that generate an HTTP 400 status code during the specified time period. | Region | Count | Applicable |
| WriteThrottleEvents | Requests to DynamoDB that exceed the provisioned write capacity units for a table or a global secondary index. | TableName | Count | Applicable |
| WriteThrottleEvents | Requests to DynamoDB that exceed the provisioned write capacity units for a table or a global secondary index. | TableName, GlobalSecondaryIndexName | Count |
Source: aws-service-ebs-new.md¶
title: Amazon EBS (Elastic Block Store) monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-ebs-new scraped: 2026-02-16T21:32:45.009195
Amazon EBS (Elastic Block Store) monitoring¶
Amazon EBS (Elastic Block Store) monitoring¶
- How-to guide
- 4-min read
- Updated on Apr 08, 2025
For information about differences between classic services and other services, see Migrate from AWS classic (formerly 'built-in') services to cloud services.
Dynatrace ingests metrics for multiple preselected namespaces, including Amazon EBS. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.200+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
You can also view metrics in the Dynatrace web UI on dashboards. There is no preset dashboard available for this service, but you can create your own dashboard.
To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |
Available metrics¶
This service monitors a part of Amazon EBS (AWS/EBS). While you have this service configured, you can't have Amazon EBS (built-in) service turned on.
VolumeId is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| BurstBalance | Provides information about the percentage of I/O credits (for gp2) or throughput credits (for st1 and sc1) remaining in the burst bucket. |
Percent | Multi | VolumeId | |
| EBSByteBalance% | Provides information about the percentage of throughput credits remaining in the burst bucket. | Percent | Multi | VolumeId | |
| EBSIOBalance% | Provides information about the percentage of I/O credits remaining in the burst bucket. | Percent | Multi | VolumeId | |
| EBSReadBytes | Bytes read from all EBS volumes attached to the instance in a specified period of time. | Bytes | Multi | VolumeId | |
| EBSReadOps | Completed read operations from all Amazon EBS volumes attached to the instance in a specified period of time. | Count | Sum | VolumeId | |
| EBSWriteBytes | Bytes written to all EBS volumes attached to the instance in a specified period of time. | Bytes | Multi | VolumeId | |
| EBSWriteOps | Completed write operations to all EBS volumes attached to the instance in a specified period of time. | Count | Sum | VolumeId | |
| FastSnapshotRestoreCreditsBalance | The number of volume create credits available. This metric is reported per snapshot per Availability Zone. | None | Multi | AvailabilityZone, SnapshotId | |
| FastSnapshotRestoreCreditsBucketSize | The maximum number of volume create credits that can be accumulated. This metric is reported per snapshot per Availability Zone. | None | Multi | AvailabilityZone, SnapshotId | |
| VolumeConsumedReadWriteOps | The total amount of read and write operations (normalized to 256K capacity units) consumed in a specified period of time. | Count | Sum | VolumeId | |
| VolumeIdleTime | The total number of seconds in a specified period of time when no read or write operations were submitted. | Seconds | Multi | VolumeId | Applicable |
| VolumeQueueLength | The number of read and write operation requests waiting to be completed in a specified period of time. | Count | Sum | VolumeId | Applicable |
| VolumeReadBytes | Provides information on the read operations in a specified period of time. | Bytes | Count | VolumeId | |
| VolumeReadBytes | Bytes | Multi | VolumeId | ||
| VolumeReadBytes | Bytes | Sum | VolumeId | Applicable | |
| VolumeReadOps | The total number of read operations in a specified period of time. | Count | Sum | VolumeId | Applicable |
| VolumeThroughputPercentage | The percentage of I/O operations per second (IOPS) delivered of the total IOPS provisioned for an Amazon EBS volume. | Percent | Multi | VolumeId | |
| VolumeTotalReadTime | The total number of seconds spent by all read operations that completed in a specified period of time. | Seconds | Multi | VolumeId | |
| VolumeTotalWriteTime | The total number of seconds spent by all write operations that completed in a specified period of time. | Seconds | Multi | VolumeId | |
| VolumeWriteBytes | Provides information on the write operations in a specified period of time. | Bytes | Count | VolumeId | |
| VolumeWriteBytes | Bytes | Multi | VolumeId | ||
| VolumeWriteBytes | Bytes | Sum | VolumeId | Applicable | |
| VolumeWriteOps | The total number of write operations in a specified period of time. | Count | Sum | VolumeId | Applicable |
Source: aws-service-elastic-inference.md¶
title: Amazon Elastic Inference monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-elastic-inference scraped: 2026-02-18T05:41:18.844132
Amazon Elastic Inference monitoring¶
Amazon Elastic Inference monitoring¶
- How-to guide
- 2-min read
- Published Jul 23, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including Amazon Elastic Inference. You can view graphs per service instance, with a set of dimensions, and create custom graphs that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.200+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
About dimensions
- ElasticInferenceAcceleratorId filters the data by the Elastic Inference accelerator.
- InstanceId filters the data by instance to which the Elastic Inference accelerator is attached.
InstanceId is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| AcceleratorHealthCheckFailed | Reports whether the Elastic Inference accelerator has passed a status health check in the last minute | Count | Sum | InstanceId, ElasticInferenceAcceleratorId | Applicable |
| AcceleratorHealthCheckFailed | Count | Multi | InstanceId, ElasticInferenceAcceleratorId | ||
| AcceleratorInferenceWithClientErrorCount | The number of inference requests reaching the Elastic Inference accelerator in the last minute that resulted in a 4xx error | Count | Sum | InstanceId, ElasticInferenceAcceleratorId | Applicable |
| AcceleratorInferenceWithClientErrorCount | Count | Multi | InstanceId, ElasticInferenceAcceleratorId | ||
| AcceleratorInferenceWithServerErrorCount | The number of inference requests reaching the Elastic Inference accelerator in the last minute that resulted in a 5xx error | Count | Sum | InstanceId, ElasticInferenceAcceleratorId | Applicable |
| AcceleratorInferenceWithServerErrorCount | Count | Multi | InstanceId, ElasticInferenceAcceleratorId | ||
| AcceleratorMemoryUsage | The memory of the Elastic Inference accelerator used in the last minute | Bytes | Multi | InstanceId, ElasticInferenceAcceleratorId | Applicable |
| AcceleratorSuccessfulInferenceCount | The number of successful inference requests reaching the Elastic Inference accelerator in the last minute | Count | Sum | InstanceId, ElasticInferenceAcceleratorId | Applicable |
| AcceleratorSuccessfulInferenceCount | Count | Multi | InstanceId, ElasticInferenceAcceleratorId | ||
| AcceleratorTotalInferenceCount | The number of inference requests reaching the Elastic Inference accelerator in the last minute | Count | Sum | InstanceId, ElasticInferenceAcceleratorId | Applicable |
| AcceleratorTotalInferenceCount | Count | Multi | InstanceId, ElasticInferenceAcceleratorId | ||
| AcceleratorUtilization | The percentage of the Elastic Inference accelerator used for computation in the last minute | Percent | Multi | InstanceId, ElasticInferenceAcceleratorId | Applicable |
| ConnectivityCheckFailed | Reports whether connectivity to the Elastic Inference accelerator is active or has failed in the last minute | Count | Sum | InstanceId, ElasticInferenceAcceleratorId | Applicable |
| ConnectivityCheckFailed | Count | Multi | InstanceId, ElasticInferenceAcceleratorId |
Source: aws-service-elastic-transcoder.md¶
title: Amazon Elastic Transcoder monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-elastic-transcoder scraped: 2026-02-17T21:26:46.454741
Amazon Elastic Transcoder monitoring¶
Amazon Elastic Transcoder monitoring¶
- How-to guide
- 2-min read
- Published Jul 21, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including Amazon Elastic Transcoder. You can view graphs per service instance, with a set of dimensions, and create custom graphs that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.199+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
PipelineId is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| BilledAudioOutput | The number of billable seconds of audio output for a pipeline | Seconds | Multi | PipelineId | |
| BilledAudioOutput | The number of billable seconds of HD output for a pipeline | Seconds | Sum | PipelineId | Applicable |
| BilledHDOutput | The number of billable seconds of SD output for a pipeline | Seconds | Multi | PipelineId | |
| BilledHDOutput | Seconds | Sum | PipelineId | Applicable | |
| BilledSDOutput | The number of billable seconds of SD output for a pipeline. | Seconds | Multi | PipelineId | |
| BilledSDOutput | Seconds | Sum | PipelineId | Applicable | |
| Errors | The number of errors caused by invalid operation parameters, such as a request for a job status that does not include the job ID | Count | Sum | Region, Operation | Applicable |
| JobsCompleted | The number of jobs completed by this pipeline | Count | Sum | PipelineId | Applicable |
| JobsErrored | The number of jobs that failed because of invalid inputs, such as a request to transcode a file that is not in the given input bucket | Count | Sum | PipelineId | Applicable |
| OutputsPerJob | The number of outputs Elastic Transcoder created for a job | Count | Sum | PipelineId | Applicable |
| StandbyTime | The number of seconds before Elastic Transcoder started transcoding a job | Seconds | Multi | PipelineId | Applicable |
| Throttles | The number of times that Elastic Transcoder automatically throttled an operation | Count | Sum | Region, Operation | Applicable |
Limitations¶
Amazon Elastic Transcoder doesn't support tagging.
Source: aws-service-elemental-mediaconnect.md¶
title: AWS Elemental MediaConnect monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-elemental-mediaconnect scraped: 2026-02-18T05:54:14.366057
AWS Elemental MediaConnect monitoring¶
AWS Elemental MediaConnect monitoring¶
- How-to guide
- 14-min read
- Published Jul 06, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including AWS Elemental MediaConnect. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.200+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
FlowARN is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| ARQRecovered | The number of dropped packets that were recovered by automatic repeat request (ARQ) | Count | Sum | FlowARN | Applicable |
| ARQRecovered | Count | Sum | Region | ||
| ARQRecovered | Count | Sum | Region, AvailabilityZone | ||
| ARQRequests | The number of retransmitted packets that were requested through automatic repeat request (ARQ) and received | Count | Sum | Region | |
| ARQRequests | Count | Sum | Region, AvailabilityZone | ||
| ARQRequests | Count | Sum | FlowARN | Applicable | |
| BitRate | Bits/Second | Multi | Region | ||
| BitRate | Bits/Second | Multi | Region, AvailabilityZone | ||
| BitRate | Bits/Second | Multi | FlowARN | Applicable | |
| CATError | The number of times that a conditional access table (CAT) error occurred. This error indicates that the CAT is not present. | Count | Sum | FlowARN | |
| CATError | Count | Sum | Region | ||
| CATError | Count | Sum | Region, AvailabilityZone | ||
| CRCError | Count | Sum | FlowARN | ||
| CRCError | Count | Sum | Region | ||
| CRCError | Count | Sum | Region, AvailabilityZone | ||
| Connected | The status of the source. A value of one indicates that the source is connected and a value of zero indicates that the source is disconnected. | None | Multi | FlowARN | |
| Connected | None | Sum | FlowARN | ||
| Connected | None | Multi | Region | ||
| Connected | None | Multi | Region, AvailabilityZone | ||
| Connected | None | Sum | Region | ||
| Connected | None | Sum | Region, AvailabilityZone | ||
| Connected | None | Count | Region | ||
| Connected | None | Count | Region, AvailabilityZone | ||
| ConnectedOutputs | Count | Sum | Region | ||
| ConnectedOutputs | Count | Sum | Region, AvailabilityZone | ||
| ConnectedOutputs | Count | Sum | FlowARN | ||
| ContinuityCounter | The number of times that a continuity error occurred | Count | Sum | FlowARN | |
| ContinuityCounter | Count | Sum | Region | ||
| ContinuityCounter | Count | Sum | Region, AvailabilityZone | ||
| Disconnections | The number of times that the source status changed from connected to disconnected | Count | Sum | Region | |
| Disconnections | Count | Sum | Region, AvailabilityZone | ||
| Disconnections | Count | Sum | FlowARN | ||
| DroppedPackets | The number of packets that were lost during transit | Count | Sum | Region | |
| DroppedPackets | Count | Sum | Region, AvailabilityZone | ||
| DroppedPackets | Count | Sum | FlowARN | Applicable | |
| FECPackets | The number of packets that were transmitted using forward error correction (FEC) and received | Count | Sum | FlowARN | Applicable |
| FECPackets | Count | Sum | Region | ||
| FECPackets | Count | Sum | Region, AvailabilityZone | ||
| FECRecovered | The number of packets that were transmitted using forward error correction (FEC), lost during transit, and recovered | Count | Sum | FlowARN | Applicable |
| FECRecovered | Count | Sum | Region | ||
| FECRecovered | Count | Sum | Region, AvailabilityZone | ||
| NotRecoveredPackets | The number of packets that were lost during transit and were not recovered by error correction | Count | Sum | FlowARN | Applicable |
| NotRecoveredPackets | Count | Sum | Region | ||
| NotRecoveredPackets | Count | Sum | Region, AvailabilityZone | ||
| OutputConnected | None | Multi | Region, OutputARN | ||
| OutputConnected | None | Multi | FlowARN | ||
| OutputConnected | None | Multi | Region | ||
| OutputConnected | None | Multi | Region, AvailabilityZone | ||
| OutputDisconnections | Count | Sum | Region, OutputARN | ||
| OutputDisconnections | Count | Sum | FlowARN | ||
| OutputDisconnections | Count | Sum | Region | ||
| OutputDisconnections | Count | Sum | Region, AvailabilityZone | ||
| OverflowPackets | The number of packets that were lost in transit because the video required more buffer than was available | Count | Sum | FlowARN | Applicable |
| OverflowPackets | Count | Sum | Region | ||
| OverflowPackets | Count | Sum | Region, AvailabilityZone | ||
| PATError | The number of times that a program association table (PAT) error occurred | Count | Sum | Region | |
| PATError | Count | Sum | Region, AvailabilityZone | ||
| PATError | Count | Sum | FlowARN | ||
| PCRAccuracyError | The number of times that a program clock register (PCR) accuracy error occurred | Count | Sum | Region | |
| PCRAccuracyError | Count | Sum | Region, AvailabilityZone | ||
| PCRAccuracyError | Count | Sum | FlowARN | ||
| PCRError | The number of times that a PCR error occurred | Count | Sum | FlowARN | |
| PCRError | Count | Sum | Region | ||
| PCRError | Count | Sum | Region, AvailabilityZone | ||
| PIDError | The number of times that a packet identifier (PID) error occurred | Count | Sum | Region | |
| PIDError | Count | Sum | Region, AvailabilityZone | ||
| PIDError | Count | Sum | FlowARN | ||
| PMTError | The number of times that a program map table (PMT) error occurred | Count | Sum | FlowARN | |
| PMTError | Count | Sum | Region | ||
| PMTError | Count | Sum | Region, AvailabilityZone | ||
| PTSError | The number of times that a presentation timestamp (PTS) error occurred | Count | Sum | FlowARN | |
| PTSError | Count | Sum | Region | ||
| PTSError | Count | Sum | Region, AvailabilityZone | ||
| PacketLossPercent | The percentage of packets that were lost during transit, even if they were recovered | Percent | Multi | Region | |
| PacketLossPercent | Percent | Multi | Region, AvailabilityZone | ||
| PacketLossPercent | Percent | Multi | FlowARN | Applicable | |
| RecoveredPackets | The number of packets that were lost during transit, but recovered | Count | Sum | FlowARN | Applicable |
| RecoveredPackets | Count | Sum | Region | ||
| RecoveredPackets | Count | Sum | Region, AvailabilityZone | ||
| RoundTripTime | The amount of time it takes for the source to send a signal and receive an acknowledgment from AWS Elemental MediaConnect | Milliseconds | Multi | Region | |
| RoundTripTime | Milliseconds | Multi | Region, AvailabilityZone | ||
| RoundTripTime | Milliseconds | Multi | FlowARN | Applicable | |
| SourceARQRecovered | Count | Sum | Region | ||
| SourceARQRecovered | Count | Sum | Region, AvailabilityZone | ||
| SourceARQRecovered | Count | Sum | Region, SourceARN | ||
| SourceARQRecovered | Count | Sum | FlowARN | ||
| SourceARQRequests | Count | Sum | FlowARN | ||
| SourceARQRequests | Count | Sum | Region | ||
| SourceARQRequests | Count | Sum | Region, AvailabilityZone | ||
| SourceARQRequests | Count | Sum | Region, SourceARN | ||
| SourceBitRate | The bitrate of the incoming (source) video | Bits/Second | Multi | FlowARN | |
| SourceBitRate | Bits/Second | Multi | Region | ||
| SourceBitRate | Bits/Second | Multi | Region, AvailabilityZone | ||
| SourceBitRate | Bits/Second | Multi | Region, SourceARN | ||
| SourceCATError | Count | Sum | FlowARN | ||
| SourceCATError | Count | Sum | Region | ||
| SourceCATError | Count | Sum | Region, AvailabilityZone | ||
| SourceCATError | Count | Sum | Region, SourceARN | ||
| SourceCRCError | Count | Sum | FlowARN | ||
| SourceCRCError | Count | Sum | Region | ||
| SourceCRCError | Count | Sum | Region, AvailabilityZone | ||
| SourceCRCError | Count | Sum | Region, SourceARN | ||
| SourceConnected | None | Multi | Region | ||
| SourceConnected | None | Multi | Region, AvailabilityZone | ||
| SourceConnected | None | Multi | Region, SourceARN | ||
| SourceConnected | None | Sum | Region | ||
| SourceConnected | None | Sum | Region, AvailabilityZone | ||
| SourceConnected | None | Sum | Region, SourceARN | ||
| SourceConnected | None | Count | Region | ||
| SourceConnected | None | Count | Region, AvailabilityZone | ||
| SourceConnected | None | Count | Region, SourceARN | ||
| SourceConnected | None | Multi | FlowARN | ||
| SourceConnected | None | Sum | FlowARN | ||
| SourceContinuityCounter | Count | Sum | Region | ||
| SourceContinuityCounter | Count | Sum | Region, AvailabilityZone | ||
| SourceContinuityCounter | Count | Sum | Region, SourceARN | ||
| SourceContinuityCounter | Count | Sum | FlowARN | ||
| SourceDisconnections | Count | Sum | FlowARN | ||
| SourceDisconnections | Count | Sum | Region | ||
| SourceDisconnections | Count | Sum | Region, AvailabilityZone | ||
| SourceDisconnections | Count | Sum | Region, SourceARN | ||
| SourceDroppedPackets | Count | Sum | Region | ||
| SourceDroppedPackets | Count | Sum | Region, AvailabilityZone | ||
| SourceDroppedPackets | Count | Sum | Region, SourceARN | ||
| SourceDroppedPackets | Count | Sum | FlowARN | ||
| SourceFECPackets | Count | Sum | Region | ||
| SourceFECPackets | Count | Sum | Region, AvailabilityZone | ||
| SourceFECPackets | Count | Sum | Region, SourceARN | ||
| SourceFECPackets | Count | Sum | FlowARN | ||
| SourceFECRecovered | Count | Sum | Region | ||
| SourceFECRecovered | Count | Sum | Region, AvailabilityZone | ||
| SourceFECRecovered | Count | Sum | Region, SourceARN | ||
| SourceFECRecovered | Count | Sum | FlowARN | ||
| SourceNotRecoveredPackets | Count | Sum | Region | ||
| SourceNotRecoveredPackets | Count | Sum | Region, AvailabilityZone | ||
| SourceNotRecoveredPackets | Count | Sum | Region, SourceARN | ||
| SourceNotRecoveredPackets | Count | Sum | FlowARN | ||
| SourceOverflowPackets | Count | Sum | Region | ||
| SourceOverflowPackets | Count | Sum | Region, AvailabilityZone | ||
| SourceOverflowPackets | Count | Sum | Region, SourceARN | ||
| SourceOverflowPackets | Count | Sum | FlowARN | ||
| SourcePATError | Count | Sum | FlowARN | ||
| SourcePATError | Count | Sum | Region | ||
| SourcePATError | Count | Sum | Region, AvailabilityZone | ||
| SourcePATError | Count | Sum | Region, SourceARN | ||
| SourcePCRAccuracyError | Count | Sum | FlowARN | ||
| SourcePCRAccuracyError | Count | Sum | Region | ||
| SourcePCRAccuracyError | Count | Sum | Region, AvailabilityZone | ||
| SourcePCRAccuracyError | Count | Sum | Region, SourceARN | ||
| SourcePCRError | Count | Sum | Region | ||
| SourcePCRError | Count | Sum | Region, AvailabilityZone | ||
| SourcePCRError | Count | Sum | Region, SourceARN | ||
| SourcePCRError | Count | Sum | FlowARN | ||
| SourcePIDError | Count | Sum | FlowARN | ||
| SourcePIDError | Count | Sum | Region | ||
| SourcePIDError | Count | Sum | Region, AvailabilityZone | ||
| SourcePIDError | Count | Sum | Region, SourceARN | ||
| SourcePMTError | Count | Sum | Region | ||
| SourcePMTError | Count | Sum | Region, AvailabilityZone | ||
| SourcePMTError | Count | Sum | Region, SourceARN | ||
| SourcePMTError | Count | Sum | FlowARN | ||
| SourcePTSError | Count | Sum | Region | ||
| SourcePTSError | Count | Sum | Region, AvailabilityZone | ||
| SourcePTSError | Count | Sum | Region, SourceARN | ||
| SourcePTSError | Count | Sum | FlowARN | ||
| SourcePacketLossPercent | Percent | Multi | FlowARN | ||
| SourcePacketLossPercent | Percent | Multi | Region | ||
| SourcePacketLossPercent | Percent | Multi | Region, AvailabilityZone | ||
| SourcePacketLossPercent | Percent | Multi | Region, SourceARN | ||
| SourceRecoveredPackets | Count | Sum | FlowARN | ||
| SourceRecoveredPackets | Count | Sum | Region | ||
| SourceRecoveredPackets | Count | Sum | Region, AvailabilityZone | ||
| SourceRecoveredPackets | Count | Sum | Region, SourceARN | ||
| SourceRoundTripTime | Milliseconds | Multi | Region | ||
| SourceRoundTripTime | Milliseconds | Multi | Region, AvailabilityZone | ||
| SourceRoundTripTime | Milliseconds | Multi | Region, SourceARN | ||
| SourceRoundTripTime | Milliseconds | Multi | FlowARN | ||
| SourceTSByteError | Count | Sum | Region | ||
| SourceTSByteError | Count | Sum | Region, AvailabilityZone | ||
| SourceTSByteError | Count | Sum | Region, SourceARN | ||
| SourceTSByteError | Count | Sum | FlowARN | ||
| SourceTSSyncLoss | Count | Sum | Region | ||
| SourceTSSyncLoss | Count | Sum | Region, AvailabilityZone | ||
| SourceTSSyncLoss | Count | Sum | Region, SourceARN | ||
| SourceTSSyncLoss | Count | Sum | FlowARN | ||
| SourceTotalPackets | Count | Sum | Region | ||
| SourceTotalPackets | Count | Sum | Region, AvailabilityZone | ||
| SourceTotalPackets | Count | Sum | Region, SourceARN | ||
| SourceTotalPackets | Count | Sum | FlowARN | ||
| SourceTransportError | Count | Sum | FlowARN | ||
| SourceTransportError | Count | Sum | Region | ||
| SourceTransportError | Count | Sum | Region, AvailabilityZone | ||
| SourceTransportError | Count | Sum | Region, SourceARN | ||
| TSByteError | The number of times that a transport stream (TS) byte error occurred | Count | Sum | Region | |
| TSByteError | Count | Sum | Region, AvailabilityZone | ||
| TSByteError | Count | Sum | FlowARN | ||
| TSSyncLoss | The number of times that a transport stream (TS) sync loss error occurred | Count | Sum | FlowARN | |
| TSSyncLoss | Count | Sum | Region | ||
| TSSyncLoss | Count | Sum | Region, AvailabilityZone | ||
| TotalPackets | The total number of packets that were received | Count | Sum | Region | |
| TotalPackets | Count | Sum | Region, AvailabilityZone | ||
| TotalPackets | Count | Sum | FlowARN | Applicable | |
| TransportError | The number of times that a primary transport error occurred | Count | Sum | Region | |
| TransportError | Count | Sum | Region, AvailabilityZone | ||
| TransportError | Count | Sum | FlowARN |
Source: aws-service-elemental-mediaconvert.md¶
title: AWS Elemental MediaConvert monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-elemental-mediaconvert scraped: 2026-02-16T21:30:47.844020
AWS Elemental MediaConvert monitoring¶
AWS Elemental MediaConvert monitoring¶
- How-to guide
- 2-min read
- Published Jul 21, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including AWS Elemental MediaConvert. You can view graphs per service instance, with a set of dimensions, and create custom graphs that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.200+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
Queue is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| AudioOutputDuration | The number of seconds of audio-only output for a queue | Milliseconds | Multi | Queue | |
| AudioOutputDuration | Milliseconds | Sum | Queue | Applicable | |
| Errors | The number of errors caused by invalid operation parameters, such as a request for a job status that does not include the job ID | Count | Sum | Region, Operation | Applicable |
| HDOutputDuration | The number of seconds of high-definition (HD) output for a queue | Milliseconds | Multi | Queue | |
| HDOutputDuration | Milliseconds | Sum | Queue | Applicable | |
| JobsCanceledCount | The number of jobs canceled in this queue | Count | Sum | Queue | Applicable |
| JobsCompletedCount | The number of jobs completed in this queue | Count | Sum | Queue | Applicable |
| JobsErroredCount | The number of jobs that failed because of invalid inputs, such as a request to transcode a file that is not in the specified input bucket | Count | Sum | Queue | Applicable |
| 8KOutputDuration | The number of seconds of 8K output for a queue | Milliseconds | Multi | Queue | |
| 8KOutputDuration | Milliseconds | Sum | Queue | Applicable | |
| SDOutputDuration | The number of seconds of standard definition (SD) output for a queue | Milliseconds | Multi | Queue | |
| SDOutputDuration | Milliseconds | Sum | Queue | Applicable | |
| StandbyTime | The number of seconds before AWS Elemental MediaConvert starts transcoding a job | Milliseconds | Multi | Region | Applicable |
| StandbyTime | Milliseconds | Multi | Queue | Applicable | |
| TranscodingTime | The number of seconds for AWS Elemental MediaConvert to complete transcoding | Milliseconds | Multi | Queue | Applicable |
| UHDOutputDuration | The number of seconds of ultra-high-definition (UHD) output for a queue | Milliseconds | Multi | Queue | |
| UHDOutputDuration | Milliseconds | Sum | Queue | Applicable |
Limitations¶
Dynatrace is currently not gathering any instance attributes for AWS Elemental MediaConvert.
Source: aws-service-elemental-mediapackage.md¶
title: AWS Elemental MediaPackage (Live, Video on Demand) monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-elemental-mediapackage scraped: 2026-02-17T04:57:22.904140
AWS Elemental MediaPackage (Live, Video on Demand) monitoring¶
AWS Elemental MediaPackage (Live, Video on Demand) monitoring¶
- How-to guide
- 5-min read
- Published Jul 06, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including AWS Elemental MediaPackage (Live, Video on Demand). You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
- An Environment or Cluster ActiveGate version 1.197+
- For AWS Elemental MediaPackage Live, Dynatrace version 1.203+
- For AWS Elemental MediaPackage Video on Demand, Dynatrace version 1.204+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below.
Predefined policy in JSON
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |


Available metrics¶
AWS Elemental MediaPackage Live¶
Channel is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| ActiveInput | Indicates if an input has been used as the source for an endpoint in AWS Elemental MediaPackage (it has been active). A value of 1 indicates that the input was active, and a 0 (zero) indicates that it wasn't. |
Count | Multi | Region, IngestEndpoint, OriginEndpoint | |
| EgressBytes | Number of bytes that AWS Elemental MediaPackage successfully sends for each request. If MediaPackage doesn't receive any requests for output in the specified interval, then no data is given. | Bytes | Multi | Channel | Applicable |
| EgressBytes | Bytes | Sum | Channel | Applicable | |
| EgressBytes | Count | Count | Channel | ||
| EgressBytes | Bytes | Multi | Channel, OriginEndpoint | ||
| EgressBytes | Bytes | Sum | Channel, OriginEndpoint | Applicable | |
| EgressBytes | Count | Count | Channel, OriginEndpoint | ||
| EgressBytes | Bytes | Multi | Region | Applicable | |
| EgressBytes | Bytes | Sum | Region | Applicable | |
| EgressBytes | Count | Count | Region | Applicable | |
| EgressRequestCount | Number of content requests that AWS Elemental MediaPackage receives. If MediaPackage doesn't receive any requests for output in the specified interval, then no data is given. | Count | Sum | Channel | Applicable |
| EgressRequestCount | Count | Sum | Channel, OriginEndpoint | ||
| EgressRequestCount | Count | Sum | Channel, StatusCodeRange | Applicable | |
| EgressRequestCount | Count | Sum | Channel, OriginEndpoint, StatusCodeRange | ||
| EgressRequestCount | Count | Sum | Region, StatusCodeRange | ||
| EgressRequestCount | Count | Sum | Region | Applicable | |
| EgressResponseTime | The time that it takes AWS Elemental MediaPackage to process each output request. If MediaPackage doesn't receive any requests for output in the specified interval, then no data is given. | Milliseconds | Multi | Channel | Applicable |
| EgressResponseTime | Milliseconds | Sum | Channel | Applicable | |
| EgressResponseTime | Count | Count | Channel | ||
| EgressResponseTime | Milliseconds | Multi | Channel, OriginEndpoint | Applicable | |
| EgressResponseTime | Milliseconds | Sum | Channel, OriginEndpoint | ||
| EgressResponseTime | Count | Count | Channel, OriginEndpoint | ||
| IngressBytes | Number of bytes of content that AWS Elemental MediaPackage receives for each input request. If MediaPackage doesn't receive any requests for input in the specified interval, then no data is given. | Bytes | Multi | Channel | Applicable |
| IngressBytes | Bytes | Sum | Channel | Applicable | |
| IngressBytes | Count | Count | Channel | ||
| IngressBytes | Bytes | Multi | Channel, IngestEndpoint | Applicable | |
| IngressBytes | Bytes | Sum | Channel, IngestEndpoint | ||
| IngressBytes | Count | Count | Channel, IngestEndpoint | ||
| IngressBytes | Bytes | Multi | Region | ||
| IngressBytes | Bytes | Sum | Region | ||
| IngressBytes | Count | Count | Region | ||
| IngressResponseTime | The time that it takes AWS Elemental MediaPackage to process each input request. If MediaPackage doesn't receive any requests for input in the specified interval, then no data is given. | Milliseconds | Multi | Channel | Applicable |
| IngressResponseTime | Milliseconds | Sum | Channel | Applicable | |
| IngressResponseTime | Count | Count | Channel | ||
| IngressResponseTime | Milliseconds | Multi | Channel, IngestEndpoint | Applicable | |
| IngressResponseTime | Milliseconds | Sum | Channel, IngestEndpoint | ||
| IngressResponseTime | Count | Count | Channel, IngestEndpoint | ||
| IngressResponseTime | Milliseconds | Multi | Region | ||
| IngressResponseTime | Milliseconds | Sum | Region | ||
| IngressResponseTime | Count | Count | Region |
AWS Elemental MediaPackage Video on Demand (VOD)¶
PackagingConfiguration is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| EgressBytes | Number of bytes that AWS Elemental MediaPackage successfully sends for each request. If MediaPackage doesn't receive any requests for output in the specified interval, then no data is given. | Bytes | Multi | PackagingConfiguration | Applicable |
| EgressBytes | Bytes | Sum | PackagingConfiguration | Applicable | |
| EgressBytes | Count | Count | PackagingConfiguration | ||
| EgressRequestCount | Number of content requests that AWS Elemental MediaPackage receives. If MediaPackage doesn't receive any requests for output in the specified interval, then no data is given. | Count | Sum | PackagingConfiguration | Applicable |
| EgressRequestCount | Count | Sum | PackagingConfiguration, StatusCodeRange | ||
| EgressResponseTime | The time that it takes AWS Elemental MediaPackage to process each output request. If MediaPackage doesn't receive any requests for output in the specified interval, then no data is given. | Milliseconds | Multi | PackagingConfiguration | Applicable |
| EgressResponseTime | Milliseconds | Sum | PackagingConfiguration | Applicable | |
| EgressResponseTime | Count | Count | PackagingConfiguration |
Source: aws-service-elemental-mediatailor.md¶
title: AWS Elemental MediaTailor monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-elemental-mediatailor scraped: 2026-02-18T05:54:42.733629
AWS Elemental MediaTailor monitoring¶
AWS Elemental MediaTailor monitoring¶
- How-to guide
- 3-min read
- Published Jul 21, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including AWS Elemental MediaTailor. You can view graphs per service instance, with a set of dimensions, and create custom graphs that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.200+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
ConfigurationName is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| AdDecisionServer.Ads | The count of ads included in ad decision server (ADS) responses for the time period that you specified | Count | Sum | ConfigurationName | |
| AdDecisionServer.Duration | The total duration, in milliseconds, of all ads that MediaTailor received from the ADS for the time period that you specified | Milliseconds | Average | ConfigurationName | |
| AdDecisionServer.Errors | The number of non-HTTP 200 status code responses, empty responses, and timed-out responses that MediaTailor received from the ADS in the time period that you specified | Count | Sum | ConfigurationName | |
| AdDecisionServer.FillRate | The simple average of the rates at which the responses from the ADS filled the corresponding individual ad avails for the time period that you specified | Count | Average | ConfigurationName | |
| AdDecisionServer.Timeouts | The number of timed-out requests to the ADS in the time period that you specified | Count | Sum | ConfigurationName | |
| AdNotReady | The number of times that the ADS pointed at an ad that wasn't yet transcoded by the internal transcoder service in the time period that you specified | Count | Sum | ConfigurationName | |
| Avail.Duration | The total duration, in milliseconds, of all ad avails that MediaTailor encountered in the time period that you specified | Milliseconds | Average | ConfigurationName | |
| Avail.FillRate | The simple average of the rates at which MediaTailor filled the individual ad avails for the time period that you specified | Count | Average | ConfigurationName | Applicable |
| Avail.FilledDuration | The total duration, in milliseconds, of ad avail time that MediaTailor filled with ads in the time period that you specified | Milliseconds | Average | ConfigurationName | Applicable |
| GetManifest.Errors | The number of errors received while MediaTailor was generating manifests in the time period that you specified | Count | Sum | ConfigurationName | |
| Origin.Errors | The number of non-HTTP 200 status code responses and timed-out responses that MediaTailor received from the origin server in the time period that you specified | Count | Sum | ConfigurationName | |
| Origin.Timeouts | The number of timed-out requests to the origin server in the time period that you specified | Count | Sum | ConfigurationName |
Limitations¶
AdDecisionServer.FillRate and Avail.FillRate should be expressed in percentage, however, AWS reports it as a value from 0 to 1. They are defined for the time being as Count values.
Source: aws-service-eventbridge.md¶
title: Amazon EventBridge monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-eventbridge scraped: 2026-02-18T05:58:08.585175
Amazon EventBridge monitoring¶
Amazon EventBridge monitoring¶
- How-to guide
- 2-min read
- Published Jul 21, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including Amazon EventBridge. You can view graphs per service instance, with a set of dimensions, and create custom graphs that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.199+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
The Amazon EventBridge service is made up of one or multiple event buses. There is a default event bus, with service-wide metrics, and you can optionally create additional event buses called custom event buses.
The default event bus metrics can be viewed in the Further details section of the custom device group overview page. If you create additional event buses, the custom event bus metrics will show up in the Further details section of the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
EventBusName is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| DeadLetterInvocations | The number of times a ruleâs target is not invoked in response to an event | Count | Sum | EventBusName, RuleName | Applicable |
| DeadLetterInvocations | Count | Sum | Region, RuleName | Applicable | |
| DeadLetterInvocations | Count | Sum | Region | Applicable | |
| FailedInvocations | The number of invocations that failed permanently | Count | Sum | EventBusName, RuleName | Applicable |
| FailedInvocations | Count | Sum | Region, RuleName | Applicable | |
| FailedInvocations | Count | Sum | Region | Applicable | |
| Invocations | The number of times a target is invoked for a rule in response to an event | Count | Sum | EventBusName, RuleName | Applicable |
| Invocations | Count | Sum | Region, RuleName | Applicable | |
| Invocations | Count | Sum | Region | Applicable | |
| MatchedEvents | The number of events that matched with any rule | Count | Sum | Region | Applicable |
| ThrottledRules | The number of triggered rules that are being throttled | Count | Sum | EventBusName, RuleName | Applicable |
| ThrottledRules | Count | Sum | Region, RuleName | Applicable | |
| ThrottledRules | Count | Sum | Region | Applicable | |
| TriggeredRules | The number of triggered rules that matched with any event | Count | Sum | EventBusName, RuleName | Applicable |
| TriggeredRules | Count | Sum | Region, RuleName | Applicable | |
| TriggeredRules | Count | Sum | Region | Applicable |
Limitations¶
Amazon EventBridge sends Invocations metrics to CloudWatch only if it has a non-zero value. For more information, see AWS documentation.
Source: aws-service-fsx.md¶
title: Amazon FSx monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-fsx scraped: 2026-02-18T05:46:45.445516
Amazon FSx monitoring¶
Amazon FSx monitoring¶
- How-to guide
- 1-min read
- Published Jul 06, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including Amazon FSx. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.200+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
FileSystemId is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| DataReadBytes | DataReadBytes | Bytes | Multi | FileSystemId | Applicable |
| DataReadBytes | Bytes | Sum | FileSystemId | ||
| DataReadOperations | The number of read operations | Count | Sum | FileSystemId | Applicable |
| DataWriteBytes | The number of bytes for file system write operations | Bytes | Multi | FileSystemId | Applicable |
| DataWriteBytes | Bytes | Sum | FileSystemId | ||
| DataWriteOperations | The number of write operations | Count | Sum | FileSystemId | Applicable |
| FreeStorageCapacity | The amount of available storage capacity | Bytes | Multi | FileSystemId | Applicable |
| MetadataOperations | The number of metadata operations | Count | Sum | FileSystemId | Applicable |
Source: aws-service-inspector.md¶
title: Amazon Inspector monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-inspector scraped: 2026-02-18T05:45:26.725685
Amazon Inspector monitoring¶
Amazon Inspector monitoring¶
- How-to guide
- 2-min read
- Published Oct 12, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including Amazon Inspector. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
- An Environment or Cluster ActiveGate version 1.203+
- Dynatrace version 1.204+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below.
Predefined policy in JSON
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
AssessmentTemplateArn is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| TotalAssessmentRuns | Number of assessment runs for this target | Count | Sum | Region, AssessmentTargetArn, AssessmentTargetName | |
| TotalAssessmentRuns | Count | Sum | AssessmentTemplateArn, AssessmentTemplateName | Applicable | |
| TotalFindings | Number of findings for this template | Count | Sum | Region, AssessmentTargetArn, AssessmentTargetName | |
| TotalFindings | Count | Sum | AssessmentTemplateArn, AssessmentTemplateName | Applicable | |
| TotalHealthyAgents | Number of agents that match this target that are healthy | Count | Sum | Region, AssessmentTargetArn, AssessmentTargetName | |
| TotalHealthyAgents | Count | Sum | AssessmentTemplateArn, AssessmentTemplateName | Applicable | |
| TotalMatchingAgents | Number of agents that match this template | Count | Sum | Region, AssessmentTargetArn, AssessmentTargetName | |
| TotalMatchingAgents | Count | Sum | AssessmentTemplateArn, AssessmentTemplateName | Applicable |
Source: aws-service-lambda-new.md¶
title: AWS Lambda monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-lambda-new scraped: 2026-02-18T05:53:40.608382
AWS Lambda monitoring¶
AWS Lambda monitoring¶
- How-to guide
- 1-min read
- Updated on Nov 15, 2023
For information about differences between classic services and other services, see Migrate from AWS classic (formerly 'built-in') services to cloud services.
Dynatrace ingests metrics for multiple preselected namespaces, including AWS Lambda. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.200+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
You can also view metrics in the Dynatrace web UI on dashboards. There is no preset dashboard available for this service, but you can create your own dashboard.
To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |
Available metrics¶
This service monitors a part of AWS Lambda (AWS/Lambda). While you have this service configured, you can't have AWS Lambda (built-in) service turned on.
FunctionName is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| AsyncEventAge | The time between when Lambda successfully queues the event and when the function is invoked. | Milliseconds | Multi | FunctionName, Resource | |
| AsyncEventAge | Milliseconds | Multi | FunctionName | ||
| AsyncEventAge | Milliseconds | Multi | Region | ||
| AsyncEventsDropped | The number of events that are dropped without successfully executing the function. | Count | Sum | FunctionName, Resource | |
| AsyncEventsDropped | Count | Sum | FunctionName | ||
| AsyncEventsDropped | Count | Sum | Region | ||
| AsyncEventsReceived | The number of events that Lambda successfully queues for processing. | Count | Sum | FunctionName, Resource | |
| AsyncEventsReceived | Count | Sum | FunctionName | ||
| AsyncEventsReceived | Count | Sum | Region | ||
| ConcurrentExecutions | The number of function instances that are processing events. | Count | Maximum | FunctionName, Resource | |
| ConcurrentExecutions | Count | Maximum | FunctionName | ||
| ConcurrentExecutions | Count | Sum | FunctionName, Resource | ||
| ConcurrentExecutions | Count | Sum | FunctionName | Applicable | |
| ConcurrentExecutions | Count | Sum | Region | Applicable | |
| DeadLetterErrors | For asynchronous invocation, the number of times that Lambda attempts to send an event to a dead-letter queue (DLQ) but fails. | Count | Sum | FunctionName, Resource | |
| DeadLetterErrors | Count | Sum | FunctionName | ||
| DeadLetterErrors | Count | Sum | Region | ||
| DestinationDeliveryFailures | For asynchronous invocation and supported event source mappings, the number of times that Lambda attempts to send an event to a destination but fails. | Count | Sum | FunctionName, Resource | |
| DestinationDeliveryFailures | Count | Sum | FunctionName | ||
| DestinationDeliveryFailures | Count | Sum | Region | ||
| Duration | The amount of time that your function code spends processing an event. | Milliseconds | Multi | FunctionName, Resource | |
| Duration | Milliseconds | Multi | FunctionName | Applicable | |
| Duration | Milliseconds | Multi | Region | Applicable | |
| Errors | The number of invocations that result in a function error. | Count | Sum | FunctionName, Resource | |
| Errors | Count | Sum | FunctionName | Applicable | |
| Errors | Count | Sum | Region | Applicable | |
| Invocations | The number of times that your function code is invoked, including successful invocations and invocations that result in a function error. | Count | Sum | FunctionName, Resource | |
| Invocations | Count | Sum | FunctionName | Applicable | |
| Invocations | Count | Sum | Region | Applicable | |
| IteratorAge | For DynamoDB, Kinesis, and Amazon DocumentDB event sources, the age of the last record in the event. | Milliseconds | Multi | FunctionName, Resource | |
| IteratorAge | Milliseconds | Multi | FunctionName | ||
| IteratorAge | Milliseconds | Multi | Region | ||
| OffsetLag | For self-managed Apache Kafka and Amazon Managed Streaming for Apache Kafka (Amazon MSK) event sources, the difference in offset between the last record written to a topic and the last record that your function's consumer group processed. | Milliseconds | Multi | FunctionName, Resource | |
| OffsetLag | Milliseconds | Multi | FunctionName | ||
| OffsetLag | Milliseconds | Multi | Region | ||
| PostRuntimeExtensionsDuration | The cumulative amount of time that the runtime spends running code for extensions after the function code has completed. | Milliseconds | Multi | FunctionName, Resource | Applicable |
| PostRuntimeExtensionsDuration | Milliseconds | Multi | FunctionName | ||
| PostRuntimeExtensionsDuration | Milliseconds | Multi | Region | Applicable | |
| ProvisionedConcurrencyInvocations | The number of times that your function code is invoked using provisioned concurrency. | Count | Sum | FunctionName, Resource | Applicable |
| ProvisionedConcurrencyInvocations | Count | Sum | FunctionName | ||
| ProvisionedConcurrencyInvocations | Count | Sum | Region | Applicable | |
| ProvisionedConcurrencySpilloverInvocations | The number of times that your function code is invoked using standard concurrency when all provisioned concurrency is in use. | Count | Sum | FunctionName, Resource | |
| ProvisionedConcurrencySpilloverInvocations | Count | Sum | FunctionName | ||
| ProvisionedConcurrencySpilloverInvocations | Count | Sum | Region | ||
| ProvisionedConcurrencyUtilization | For a version or alias, the value of ProvisionedConcurrentExecutions divided by the total amount of provisioned concurrency allocated. | Count | Sum | FunctionName, Resource | |
| ProvisionedConcurrencyUtilization | Count | Sum | FunctionName | ||
| ProvisionedConcurrencyUtilization | Count | Sum | Region | ||
| ProvisionedConcurrentExecutions | The number of function instances that are processing events using provisioned concurrency. | Count | Sum | FunctionName, Resource | Applicable |
| ProvisionedConcurrentExecutions | Count | Sum | FunctionName | ||
| ProvisionedConcurrentExecutions | Count | Sum | FunctionName, Resource | ||
| ProvisionedConcurrentExecutions | Count | Sum | FunctionName | Applicable | |
| ProvisionedConcurrentExecutions | Count | Sum | Region | Applicable | |
| RecursiveInvocationsDropped | The number of times that Lambda has stopped invocation of your function because it's detected that your function is part of an infinite recursive loop. | Count | Sum | FunctionName, Resource | |
| RecursiveInvocationsDropped | Count | Sum | FunctionName | ||
| RecursiveInvocationsDropped | Count | Sum | Region | ||
| Throttles | The number of invocation requests that are throttled. | Count | Sum | FunctionName, Resource | |
| Throttles | Count | Sum | FunctionName | Applicable | |
| Throttles | Count | Sum | Region | Applicable | |
| UnreservedConcurrentExecutions | For a Region, the number of events that functions without reserved concurrency are processing. | Count | Sum | Region |
Source: aws-service-mq.md¶
title: Amazon MQ monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-mq scraped: 2026-02-18T05:48:04.811665
Amazon MQ monitoring¶
Amazon MQ monitoring¶
- How-to guide
- 7-min read
- Published Sep 08, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including Amazon MQ. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in a SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.201+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
Broker is the main dimension.
ActiveMQ¶
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| ConsumerCount | The number of consumers subscribed to the destination | Count | Average | Broker, Topic | |
| ConsumerCount | Count | Average | Broker, Queue | ||
| CpuCreditBalance | The number of earned CPU credits that an instance has accrued since it was launched or started (including the number of launch credits) | Count | Average | Broker | Applicable |
| CpuUtilization | The percentage of allocated Amazon EC2 compute units that the broker currently uses | Percent | Average | Broker | Applicable |
| CurrentConnectionsCount | The current number of active connections on the current broker | Count | Average | Broker | Applicable |
| DequeueCount | The number of messages acknowledged by consumers, per minute | Count | Average | Broker, NetworkConnector, RemoteBroker | |
| DequeueCount | Count | Average | Broker, Topic | ||
| DequeueCount | Count | Average | Broker, Queue | ||
| DispatchCount | The number of messages sent to consumers, per minute | Count | Average | Broker, Topic | |
| DispatchCount | Count | Average | Broker, Queue | ||
| EnqueueCount | The number of messages sent to the destination, per minute | Count | Average | Broker, NetworkConnector, RemoteBroker | |
| EnqueueCount | Count | Average | Broker, Topic | ||
| EnqueueCount | Count | Average | Broker, Queue | ||
| EnqueueTime | The end-to-end latency from when a message arrives at a broker until it is delivered to a consumer | Milliseconds | Multi | Broker, Topic | |
| EnqueueTime | Milliseconds | Multi | Broker, Queue | ||
| EstablishedConnectionsCount | The total number of connections, active and inactive, that have been established on the broker | Count | Average | Broker | |
| ExpiredCount | The number of messages that couldn't be delivered because they expired, per minute | Count | Average | Broker, Topic | |
| ExpiredCount | Count | Average | Broker, Queue | ||
| HeapUsage | The percentage of the ActiveMQ JVM memory limit that the broker currently uses | Percent | Average | Broker | Applicable |
| InFlightCount | The number of messages sent to consumers that have not been acknowledged | Count | Average | Broker, Topic | |
| InFlightCount | Count | Average | Broker, Queue | ||
| InactiveDurableTopicSubscribersCount | The number of inactive durable topic subscribers, up to a maximum of 2000 | Count | Average | Broker | |
| JobSchedulerStorePercentUsage | The percentage of disk space used by the job scheduler store | Percent | Average | Broker | |
| JournalFilesForFastRecovery | The number of journal files that will be replayed after a clean shutdown | Count | Average | Broker | |
| JournalFilesForFullRecovery | The number of journal files that will be replayed after an unclean shutdown | Count | Average | Broker | |
| MemoryUsage | The percentage of the memory limit that the destination currently uses. | Percent | Average | Broker, Topic | |
| MemoryUsage | Percent | Average | Broker, Queue | ||
| NetworkIn | The volume of incoming traffic for the broker | Bytes | Average | Broker | |
| NetworkIn | Bytes | Sum | Broker | Applicable | |
| NetworkOut | The volume of outgoing traffic for the broker | Bytes | Average | Broker | |
| NetworkOut | Bytes | Sum | Broker | Applicable | |
| OpenTransactionCount | The total number of transactions in progress | Count | Average | Broker | |
| ProducerCount | The number of producers for the destination | Count | Average | Broker, Topic | |
| ProducerCount | Count | Average | Broker, Queue | ||
| QueueSize | The number of messages in the queue. This metric applies only to queues. | Count | Average | Broker, Queue | |
| ReceiveCount | The number of messages that have been received from the remote broker for a duplex network connector | Count | Average | Broker, NetworkConnector, RemoteBroker | |
| StorePercentUsage | The percent used by the storage limit. If this reaches 100, the broker will refuse messages. | Percent | Average | Broker | |
| TempPercentUsage | The percentage of available temporary storage used by non-persistent messages | Percent | Average | Broker | |
| TotalConsumerCount | The number of message consumers subscribed to destinations on the current broker | Count | Average | Broker | Applicable |
| TotalDequeueCount | The total number of messages that have been consumed by clients | Count | Average | Broker | |
| TotalEnqueueCount | The total number of messages that have been sent to the broker | Count | Average | Broker | |
| TotalMessageCount | The number of messages stored on the broker | Count | Average | Broker | Applicable |
| TotalProducerCount | The number of message producers active on destinations on the current broker | Count | Average | Broker | Applicable |
RabbitMQ¶
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| AckRate | The rate at which messages are being acknowledged by consumers. | Count/Second | Multi | Broker | Applicable |
| ChannelCount | The total number of channels established on the broker. | Count | Average | Broker | |
| ConfirmRate | The rate at which the RabbitMQ server is confirming published messages. | Count/Second | Multi | Broker | Applicable |
| ConnectionCount | The total number of connections established on the broker. | Count | Average | Broker | |
| ConsumerCount | The total number of consumers connected to the broker. | Count | Average | Broker, Queue, VirtualHost | |
| ConsumerCount | Count | Average | Broker | Applicable | |
| ExchangeCount | The total number of exchanges configured on the broker. | Count | Average | Broker | |
| MessageCount | The total number of messages in the queues. | Count | Average | Broker, Queue, VirtualHost | |
| MessageCount | Count | Average | Broker | Applicable | |
| MessageReadyCount | The total number of ready messages in the queues. | Count | Average | Broker, Queue, VirtualHost | |
| MessageReadyCount | Count | Average | Broker | Applicable | |
| MessageUnacknowledgedCount | The total number of unacknowledged messages in the queues. | Count | Average | Broker, Queue, VirtualHost | |
| MessageUnacknowledgedCount | Count | Average | Broker | Applicable | |
| PublishRate | The rate at which messages are published to the broker. | Count/Second | Multi | Broker | Applicable |
| QueueCount | The total number of queues configured on the broker. | Count | Average | Broker | |
| RabbitMQDiskFreeLimit | The disk limit for a RabbitMQ node. | Bytes | Multi | Broker, Node | Applicable |
| RabbitMQDiskFree | Bytes | Multi | Broker, Node | Applicable | |
| RabbitMQFdUsed | Number of file descriptors used. | Count | Average | Broker, Node | |
| RabbitMQMemLimit | Bytes | Multi | Broker, Node | Applicable | |
| RabbitMQMemUsed | Bytes | Multi | Broker, Node | Applicable | |
| SystemCpuUtilization | The percentage of allocated Amazon EC2 compute units that the broker currently uses. | Percent | Multi | Broker, Node | Applicable |
Limitations¶
Dynatrace entities of this AWS service are not enriched with the ARN property.
Source: aws-service-neptune.md¶
title: Amazon Neptune monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-neptune scraped: 2026-02-18T05:50:44.053681
Amazon Neptune monitoring¶
Amazon Neptune monitoring¶
- How-to guide
- 11-min read
- Published Jul 06, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including Amazon Neptune. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.200+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
DBClusterIdentifier is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| BackupRetentionPeriodStorageUsed | The total amount of backup storage, in bytes, used to support from the Neptune DB cluster's backup retention window | Bytes | Multi | DBClusterIdentifier | |
| BackupRetentionPeriodStorageUsed | Bytes | Multi | Region, EngineName | ||
| CPUUtilization | The percentage of CPU utilization | Percent | Multi | DBClusterIdentifier | Applicable |
| CPUUtilization | Percent | Multi | DBClusterIdentifier | Applicable | |
| CPUUtilization | Percent | Multi | Region | Applicable | |
| CPUUtilization | Percent | Multi | Region, DBInstanceIdentifier | Applicable | |
| CPUUtilization | Percent | Multi | Region, DatabaseClass | Applicable | |
| CPUUtilization | Percent | Multi | Region, EngineName | Applicable | |
| ClusterReplicaLag | For a read replica, the amount of lag when replicating updates from the primary instance, in milliseconds | Milliseconds | Multi | DBClusterIdentifier | Applicable |
| ClusterReplicaLag | Milliseconds | Multi | DBClusterIdentifier, Role | Applicable | |
| ClusterReplicaLag | Milliseconds | Multi | Region | Applicable | |
| ClusterReplicaLag | Milliseconds | Multi | Region, DBInstanceIdentifier | Applicable | |
| ClusterReplicaLag | Milliseconds | Multi | Region, DatabaseClass | Applicable | |
| ClusterReplicaLag | Milliseconds | Multi | Region, EngineName | Applicable | |
| ClusterReplicaLagMaximum | The maximum amount of lag between the primary instance and each Neptune DB instance in the DB cluster, in milliseconds | Milliseconds | Multi | DBClusterIdentifier | |
| ClusterReplicaLagMaximum | Milliseconds | Multi | DBClusterIdentifier, Role | ||
| ClusterReplicaLagMaximum | Milliseconds | Multi | Region | ||
| ClusterReplicaLagMaximum | Milliseconds | Multi | Region, DBInstanceIdentifier | ||
| ClusterReplicaLagMaximum | Milliseconds | Multi | Region, DatabaseClass | ||
| ClusterReplicaLagMaximum | Milliseconds | Multi | Region, EngineName | ||
| ClusterReplicaLagMinimum | The minimum amount of lag between the primary instance and each Neptune DB instance in the DB cluster, in milliseconds | Milliseconds | Multi | DBClusterIdentifier | |
| ClusterReplicaLagMinimum | Milliseconds | Multi | DBClusterIdentifier, Role | ||
| ClusterReplicaLagMinimum | Milliseconds | Multi | Region | ||
| ClusterReplicaLagMinimum | Milliseconds | Multi | Region, DBInstanceIdentifier | ||
| ClusterReplicaLagMinimum | Milliseconds | Multi | Region, DatabaseClass | ||
| ClusterReplicaLagMinimum | Milliseconds | Multi | Region, EngineName | ||
| EngineUptime | The amount of time that the instance has been running, in seconds | Seconds | Multi | DBClusterIdentifier | Applicable |
| EngineUptime | Seconds | Multi | DBClusterIdentifier, Role | Applicable | |
| EngineUptime | Seconds | Multi | Region | Applicable | |
| EngineUptime | Seconds | Multi | Region, DBInstanceIdentifier | Applicable | |
| EngineUptime | Seconds | Multi | Region, DatabaseClass | Applicable | |
| EngineUptime | Seconds | Multi | Region, EngineName | Applicable | |
| FreeableMemory | The amount of available RAM, in bytes | Bytes | Multi | DBClusterIdentifier | Applicable |
| FreeableMemory | Bytes | Multi | DBClusterIdentifier, Role | Applicable | |
| FreeableMemory | Bytes | Multi | Region | Applicable | |
| FreeableMemory | Bytes | Multi | Region, DBInstanceIdentifier | Applicable | |
| FreeableMemory | Bytes | Multi | Region, DatabaseClass | Applicable | |
| FreeableMemory | Bytes | Multi | Region, EngineName | Applicable | |
| GremlinRequestsPerSec | Number of requests per second to the Gremlin engine | Count/Second | Multi | DBClusterIdentifier | Applicable |
| GremlinRequestsPerSec | Count/Second | Multi | DBClusterIdentifier, Role | Applicable | |
| GremlinRequestsPerSec | Count/Second | Multi | Region | Applicable | |
| GremlinRequestsPerSec | Count/Second | Multi | Region, DBInstanceIdentifier | Applicable | |
| GremlinRequestsPerSec | Count/Second | Multi | Region, DatabaseClass | Applicable | |
| GremlinRequestsPerSec | Count/Second | Multi | Region, EngineName | Applicable | |
| GremlinWebSocketOpenConnections | The number of open WebSocket connections to Neptune | Count/Second | Multi | DBClusterIdentifier | |
| GremlinWebSocketOpenConnections | Count/Second | Multi | DBClusterIdentifier, Role | ||
| GremlinWebSocketOpenConnections | Count/Second | Multi | Region | ||
| GremlinWebSocketOpenConnections | Count/Second | Multi | Region, DBInstanceIdentifier | ||
| GremlinWebSocketOpenConnections | Count/Second | Multi | Region, DatabaseClass | ||
| GremlinWebSocketOpenConnections | Count/Second | Multi | Region, EngineName | ||
| LoaderRequestsPerSec | Number of loader requests per second | Count/Second | Multi | DBClusterIdentifier | |
| LoaderRequestsPerSec | Count/Second | Multi | DBClusterIdentifier, Role | ||
| LoaderRequestsPerSec | Count/Second | Multi | Region | ||
| LoaderRequestsPerSec | Count/Second | Multi | Region, DBInstanceIdentifier | ||
| LoaderRequestsPerSec | Count/Second | Multi | Region, DatabaseClass | ||
| LoaderRequestsPerSec | Count/Second | Multi | Region, EngineName | ||
| MainRequestQueuePendingRequests | The number of requests waiting in the input queue pending execution. Neptune starts throttling requests when they exceed the maximum queue capacity | Count/Second | Multi | DBClusterIdentifier | Applicable |
| MainRequestQueuePendingRequests | Count/Second | Multi | DBClusterIdentifier, Role | Applicable | |
| MainRequestQueuePendingRequests | Count/Second | Multi | Region | Applicable | |
| MainRequestQueuePendingRequests | Count/Second | Multi | Region, DBInstanceIdentifier | Applicable | |
| MainRequestQueuePendingRequests | Count/Second | Multi | Region, DatabaseClass | Applicable | |
| MainRequestQueuePendingRequests | Count/Second | Multi | Region, EngineName | Applicable | |
| NetworkReceiveThroughput | The incoming (receive) network traffic on the DB instance, including both customer database traffic and Neptune traffic used for monitoring and replication, in bytes/second | Bytes/Second | Multi | DBClusterIdentifier | |
| NetworkReceiveThroughput | Bytes/Second | Multi | DBClusterIdentifier, Role | ||
| NetworkReceiveThroughput | Bytes/Second | Multi | Region | ||
| NetworkReceiveThroughput | Bytes/Second | Multi | Region, DBInstanceIdentifier | ||
| NetworkReceiveThroughput | Bytes/Second | Multi | Region, DatabaseClass | ||
| NetworkReceiveThroughput | Bytes/Second | Multi | Region, EngineName | ||
| NetworkThroughput | The amount of network throughput both received from and transmitted to clients by each instance in the Neptune DB cluster, in bytes per second. This throughput doesn't include network traffic between instances in the DB cluster and the cluster volume. | Bytes/Second | Multi | DBClusterIdentifier | Applicable |
| NetworkThroughput | Bytes/Second | Multi | DBClusterIdentifier, Role | Applicable | |
| NetworkThroughput | Bytes/Second | Multi | Region | Applicable | |
| NetworkThroughput | Bytes/Second | Multi | Region, DBInstanceIdentifier | Applicable | |
| NetworkThroughput | Bytes/Second | Multi | Region, DatabaseClass | Applicable | |
| NetworkThroughput | Bytes/Second | Multi | Region, EngineName | Applicable | |
| NetworkTransmitThroughput | The outgoing (transmit) network traffic on the DB instance, including both customer database traffic and Neptune traffic used for monitoring and replication, in bytes/second | Bytes/Second | Multi | DBClusterIdentifier | |
| NetworkTransmitThroughput | Bytes/Second | Multi | DBClusterIdentifier, Role | ||
| NetworkTransmitThroughput | Bytes/Second | Multi | Region | ||
| NetworkTransmitThroughput | Bytes/Second | Multi | Region, DBInstanceIdentifier | ||
| NetworkTransmitThroughput | Bytes/Second | Multi | Region, DatabaseClass | ||
| NetworkTransmitThroughput | Bytes/Second | Multi | Region, EngineName | ||
| NumTxCommitted | The number of transactions successfully committed per second | Count/Second | Multi | DBClusterIdentifier | |
| NumTxCommitted | Count/Second | Multi | DBClusterIdentifier, Role | ||
| NumTxCommitted | Count/Second | Multi | Region | ||
| NumTxCommitted | Count/Second | Multi | Region, DBInstanceIdentifier | ||
| NumTxCommitted | Count/Second | Multi | Region, DatabaseClass | ||
| NumTxCommitted | Count/Second | Multi | Region, EngineName | ||
| NumTxOpened | The number of transactions opened on the server per second | Count/Second | Multi | DBClusterIdentifier | |
| NumTxOpened | Count/Second | Multi | DBClusterIdentifier, Role | ||
| NumTxOpened | Count/Second | Multi | Region | ||
| NumTxOpened | Count/Second | Multi | Region, DBInstanceIdentifier | ||
| NumTxOpened | Count/Second | Multi | Region, DatabaseClass | ||
| NumTxOpened | Count/Second | Multi | Region, EngineName | ||
| NumTxRolledBack | The number of transactions per second rolled back on the server because of errors | Count/Second | Multi | DBClusterIdentifier | |
| NumTxRolledBack | Count/Second | Multi | DBClusterIdentifier, Role | ||
| NumTxRolledBack | Count/Second | Multi | Region | ||
| NumTxRolledBack | Count/Second | Multi | Region, DBInstanceIdentifier | ||
| NumTxRolledBack | Count/Second | Multi | Region, DatabaseClass | ||
| NumTxRolledBack | Count/Second | Multi | Region, EngineName | ||
| SnapshotStorageUsed | The total amount of backup storage consumed by all snapshots for a Neptune DB cluster outside its backup retention window, in bytes | Bytes | Multi | DBClusterIdentifier | |
| SnapshotStorageUsed | Bytes | Multi | Region, EngineName | ||
| SparqlRequestsPerSec | The number of requests per second to the SPARQL engine | Count/Second | Multi | DBClusterIdentifier | Applicable |
| SparqlRequestsPerSec | Count/Second | Multi | DBClusterIdentifier, Role | Applicable | |
| SparqlRequestsPerSec | Count/Second | Multi | Region | Applicable | |
| SparqlRequestsPerSec | Count/Second | Multi | Region, DBInstanceIdentifier | Applicable | |
| SparqlRequestsPerSec | Count/Second | Multi | Region, DatabaseClass | Applicable | |
| SparqlRequestsPerSec | Count/Second | Multi | Region, EngineName | Applicable | |
| TotalBackupStorageBilled | The total amount of backup storage for which you are billed for a given Neptune DB cluster, in bytes | Bytes | Multi | DBClusterIdentifier | |
| TotalBackupStorageBilled | Bytes | Multi | Region, EngineName | ||
| TotalClientErrorsPerSec | The total number per second of requests that errored out because of client-side issues | Count/Second | Multi | DBClusterIdentifier | Applicable |
| TotalClientErrorsPerSec | Count/Second | Multi | DBClusterIdentifier, Role | Applicable | |
| TotalClientErrorsPerSec | Count/Second | Multi | Region | Applicable | |
| TotalClientErrorsPerSec | Count/Second | Multi | Region, DBInstanceIdentifier | Applicable | |
| TotalClientErrorsPerSec | Count/Second | Multi | Region, DatabaseClass | Applicable | |
| TotalClientErrorsPerSec | Count/Second | Multi | Region, EngineName | Applicable | |
| TotalRequestsPerSec | The total number of requests per second to the server from all sources | Count/Second | Multi | DBClusterIdentifier | Applicable |
| TotalRequestsPerSec | Count/Second | Multi | DBClusterIdentifier, Role | Applicable | |
| TotalRequestsPerSec | Count/Second | Multi | Region | Applicable | |
| TotalRequestsPerSec | Count/Second | Multi | Region, DBInstanceIdentifier | Applicable | |
| TotalRequestsPerSec | Count/Second | Multi | Region, DatabaseClass | Applicable | |
| TotalRequestsPerSec | Count/Second | Multi | Region, EngineName | Applicable | |
| TotalServerErrorsPerSec | The total number per second of requests that errored out on the server because of internal failures | Count/Second | Multi | DBClusterIdentifier | Applicable |
| TotalServerErrorsPerSec | Count/Second | Multi | DBClusterIdentifier, Role | Applicable | |
| TotalServerErrorsPerSec | Count/Second | Multi | Region | Applicable | |
| TotalServerErrorsPerSec | Count/Second | Multi | Region, DBInstanceIdentifier | Applicable | |
| TotalServerErrorsPerSec | Count/Second | Multi | Region, DatabaseClass | Applicable | |
| TotalServerErrorsPerSec | Count/Second | Multi | Region, EngineName | Applicable | |
| VolumeBytesUsed | The total amount of storage allocated to your Neptune DB cluster, in bytes. This is the amount of storage for which you are billed. It is the maximum amount of storage allocated to your DB cluster at any point in its existence, not the amount you are currently using. | Bytes | Multi | DBClusterIdentifier | Applicable |
| VolumeBytesUsed | The amount of storage used by your Neptune DB instance, in bytes. | Bytes | Multi | Region, EngineName | Applicable |
| VolumeBytesLeftTotal | The remaining available space for the cluster volume, as measured in bytes | Bytes | Multi | DBClusterIdentifier | Applicable |
| VolumeBytesLeftTotal | Bytes | Multi | Region | Applicable | |
| VolumeBytesLeftTotal | Bytes | Multi | Region, EngineName | Applicable | |
| VolumeReadIOPs | The average number of billed read I/O operations from a cluster volume, reported at 5-minute intervals. | Bytes | Multi | DBClusterIdentifier | Applicable |
| VolumeReadIOPs | Bytes | Multi | Region, EngineName | Applicable | |
| VolumeWriteIOPs | The average number of write disk I/O operations to the cluster volume, reported at 5-minute intervals | Bytes | Multi | DBClusterIdentifier | Applicable |
| VolumeWriteIOPs | Bytes | Multi | Region, EngineName | Applicable |
Source: aws-service-opsworks.md¶
title: AWS OpsWorks monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-opsworks scraped: 2026-02-17T21:34:09.772190
AWS OpsWorks monitoring¶
AWS OpsWorks monitoring¶
- How-to guide
- 4-min read
- Published Sep 08, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including AWS OpsWorks. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in a SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.201+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
StackId is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| cpu_idle | The percentage of time that the CPU is idle | Percent | Multi | StackId | Applicable |
| cpu_idle | Percent | Multi | Region, InstanceId | Applicable | |
| cpu_idle | Percent | Multi | Region, LayerId | Applicable | |
| cpu_nice | The percentage of time that the CPU is handling processes with a positive nice value, which have a lower scheduling priority |
Percent | Multi | StackId | Applicable |
| cpu_nice | Percent | Multi | Region, InstanceId | ||
| cpu_nice | Percent | Multi | Region, LayerId | ||
| cpu_steal | The percentage of time that an instance is waiting for the hypervisor to allocate physical CPU resources | Percent | Multi | StackId | Applicable |
| cpu_steal | Percent | Multi | Region, InstanceId | Applicable | |
| cpu_steal | Percent | Multi | Region, LayerId | Applicable | |
| cpu_system | The percentage of time that the CPU is handling system operations | Percent | Multi | StackId | Applicable |
| cpu_system | Percent | Multi | Region, InstanceId | ||
| cpu_system | Percent | Multi | Region, LayerId | ||
| cpu_user | The percentage of time that the CPU is handling user operations | Percent | Multi | StackId | Applicable |
| cpu_user | Percent | Multi | Region, InstanceId | Applicable | |
| cpu_user | Percent | Multi | Region, LayerId | Applicable | |
| cpu_waitio | The percentage of time that the CPU is waiting for input/output operations | Percent | Multi | StackId | Applicable |
| cpu_waitio | Percent | Multi | Region, InstanceId | ||
| cpu_waitio | Percent | Multi | Region, LayerId | ||
| load_1 | The load averaged over a one-minute window | None | Multi | StackId | |
| load_1 | None | Multi | Region, InstanceId | ||
| load_1 | None | Multi | Region, LayerId | ||
| load_5 | The load averaged over a five-minute window | None | Multi | StackId | Applicable |
| load_5 | None | Multi | Region, InstanceId | Applicable | |
| load_5 | None | Multi | Region, LayerId | Applicable | |
| load_15 | The load averaged over a 15-minute window | None | Multi | StackId | |
| load_15 | None | Multi | Region, InstanceId | ||
| load_15 | None | Multi | Region, LayerId | ||
| memory_buffers | The amount of buffered memory | None | Multi | StackId | Applicable |
| memory_buffers | None | Multi | Region, InstanceId | ||
| memory_buffers | None | Multi | Region, LayerId | ||
| memory_cached | The amount of cached memory | None | Multi | StackId | Applicable |
| memory_cached | None | Multi | Region, InstanceId | ||
| memory_cached | None | Multi | Region, LayerId | ||
| memory_free | The amount of free memory | None | Multi | StackId | Applicable |
| memory_free | None | Multi | Region, InstanceId | Applicable | |
| memory_free | None | Multi | Region, LayerId | Applicable | |
| memory_swap | The amount of swap space | None | Multi | StackId | Applicable |
| memory_swap | None | Multi | Region, InstanceId | ||
| memory_swap | None | Multi | Region, LayerId | ||
| memory_total | The total amount of memory | None | Multi | StackId | Applicable |
| memory_total | None | Multi | Region, InstanceId | Applicable | |
| memory_total | None | Multi | Region, LayerId | Applicable | |
| memory_used | The amount of memory in use | None | Multi | StackId | Applicable |
| memory_used | None | Multi | Region, InstanceId | Applicable | |
| memory_used | None | Multi | Region, LayerId | Applicable | |
| procs | The number of active processes | None | Multi | StackId | Applicable |
| procs | None | Multi | Region, InstanceId | Applicable | |
| procs | None | Multi | Region, LayerId | Applicable |
Source: aws-service-polly.md¶
title: Amazon Polly monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-polly scraped: 2026-02-18T05:57:32.672913
Amazon Polly monitoring¶
Amazon Polly monitoring¶
- How-to guide
- 2-min read
- Published Jul 21, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including Amazon Polly. You can view graphs per service instance, with a set of dimensions, and create custom graphs that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.199+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
For Amazon Polly, there are no instances (custom devices) on the custom device group overview page, the service itself being just an API that you can call. The service metrics are under the Further details section of the custom device group overview page, split By Operation and Region.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| 4XXCount | HTTP 400 level error code returned upon an error | Count | Average | Region, Operation | Applicable |
| 4XXCount | Count | Sum | Region, Operation | Applicable | |
| 4XXCount | Count | Count | Region, Operation | ||
| 2XXCount | HTTP 200 level code returned upon a successful response | Count | Average | Region, Operation | Applicable |
| 2XXCount | Count | Sum | Region, Operation | Applicable | |
| 2XXCount | Count | Count | Region, Operation | ||
| 5XXCount | HTTP 500 level error code returned upon an error | Count | Average | Region, Operation | Applicable |
| 5XXCount | Count | Sum | Region, Operation | Applicable | |
| 5XXCount | Count | Count | Region, Operation | ||
| RequestCharacters | The number of characters in the request | Count | Multi | Region, Operation | Applicable |
| RequestCharacters | Count | Sum | Region, Operation | Applicable | |
| RequestCharacters | Count | Count | Region, Operation | ||
| ResponseLatency | The latency between the time when the request was made and the start of the streaming response | Milliseconds | Multi | Region, Operation | Applicable |
| ResponseLatency | Count | Count | Region, Operation | Applicable |
Source: aws-service-quantum-ledger-database-qldb.md¶
title: Amazon QLDB (Quantum Ledger Database) monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-quantum-ledger-database-qldb scraped: 2026-02-17T05:11:08.553130
Amazon QLDB (Quantum Ledger Database) monitoring¶
Amazon QLDB (Quantum Ledger Database) monitoring¶
- How-to guide
- 3-min read
- Published Jul 21, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including Amazon QLDB. You can view graphs per service instance, with a set of dimensions, and create custom graphs that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.199+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
Amazon QLDB service shows on the custom device group page. The service is made up of instances (custom devices) called ledgers. You can view metrics for each custom device in the Further details section of the custom device overview page, split by Streams and Command types.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
About dimensions
- LedgerName limits the data to a specific ledger. This value can be any ledger name in the current AWS Region and the current AWS account.
- StreamId limits the data to a specific journal stream. This value can be any stream ID for a ledger in the current AWS Region and the current AWS account.
- CommandType limits the data to one of the following QLDB data API commands:
AbortTransaction,CommitTransaction,EndSession,ExecuteStatement,FetchPage,StartSession,StartTransaction.
LedgerName is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| CommandLatency | The amount of time taken for data operations, reported in one-minute intervals | Milliseconds | Multi | LedgerName, CommandType | Applicable |
| IndexedStorage | The total amount of disk space used by the ledger's tables, indexes, and indexed history, reported in 15-minute intervals | Bytes | Multi | LedgerName | Applicable |
| IsImpaired | The flag that indicates if a journal stream to Kinesis Data Streams is impaired, reported in one-minute intervals | Count | Maximum | LedgerName, StreamId | Applicable |
| JournalStorage | The total amount of disk space used by the ledger's journal, reported in 15-minute intervals | Bytes | Multi | LedgerName | Applicable |
| OccConflictExceptions | The number of requests to QLDB that generate an OccConflictException |
Count | Sum | LedgerName | Applicable |
| ReadIOs | The number of disk read I/O operations, reported in one-minute intervals | Count | Sum | LedgerName | Applicable |
| ReadIOs | Count | Multi | LedgerName | Applicable | |
| SessionRateExceededExceptions | The number of requests to QLDB that generate a SessionRateExceededException |
Count | Sum | LedgerName | Applicable |
| Session4xxExceptions | The number of requests to QLDB that generate an HTTP 4xx error | Count | Sum | LedgerName | Applicable |
| Session5xxExceptions | The number of requests to QLDB that generate an HTTP 5xx error | Count | Sum | LedgerName | Applicable |
| WriteIOs | The number of disk write I/O operations, reported in one-minute intervals | Count | Sum | LedgerName | Applicable |
| WriteIOs | Count | Multi | LedgerName | Applicable |
Source: aws-service-rekognition.md¶
title: Amazon Rekognition monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-rekognition scraped: 2026-02-18T05:46:50.859894
Amazon Rekognition monitoring¶
Amazon Rekognition monitoring¶
- How-to guide
- 2-min read
- Published Jul 06, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including Amazon Rekognition. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.200+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| DetectedFaceCount | The number of faces detected with the IndexFaces or DetectFaces operation |
Count | Sum | Region, Operation | Applicable |
| DetectedFaceCount | Count | Sum | Region | Applicable | |
| DetectedLabelCount | The number of labels detected with the DetectLabels operation |
Count | Sum | Region, Operation | Applicable |
| DetectedLabelCount | Count | Sum | Region | ||
| ResponseTime | The time in milliseconds for Rekognition to compute the response | Milliseconds | Multi | Region, Operation | Applicable |
| ResponseTime | Milliseconds | Multi | Region | Applicable | |
| ServerErrorCount | The number of server errors. The response code range for a server error is 500-599. | Count | Sum | Region, Operation | Applicable |
| ServerErrorCount | Count | Sum | Region | Applicable | |
| SuccessfulRequestCount | The number of successful requests. The response code range for a successful request is 200-299. | Count | Sum | Region, Operation | Applicable |
| SuccessfulRequestCount | Count | Sum | Region | Applicable | |
| ThrottledCount | The number of throttled requests | Count | Sum | Region, Operation | Applicable |
| ThrottledCount | Count | Sum | Region | Applicable | |
| UserErrorCount | The number of user errors (such as invalid parameters, invalid image, or no permission). The response code range for a user error is 400-499. | Count | Sum | Region, Operation | Applicable |
| UserErrorCount | Count | Sum | Region | Applicable |
Source: aws-service-relational-database-service-rds-new.md¶
title: Amazon RDS (Relational Database Service) monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-relational-database-service-rds-new scraped: 2026-02-17T21:27:16.093542
Amazon RDS (Relational Database Service) monitoring¶
Amazon RDS (Relational Database Service) monitoring¶
- How-to guide
- 31-min read
- Updated on Nov 15, 2023
For information about differences between classic services and other services, see Migrate from AWS classic (formerly 'built-in') services to cloud services.
Dynatrace ingests metrics for multiple preselected namespaces, including Amazon RDS. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.200+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
You can also view metrics in the Dynatrace web UI on dashboards. There is no preset dashboard available for this service, but you can create your own dashboard.
To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |
Available metrics¶
This service monitors a part of Amazon RDS (AWS/RDS). While you have this service configured, you can't have Amazon RDS (built-in) service turned on.
DBInstanceIdentifier is the main dimension.
| Name | Description | Dimensions | Unit | Recommended |
|---|---|---|---|---|
| Aurora_pq_request_not_chosen_tx_isolation | Region, DatabaseClass | Count | ||
| Aurora_pq_request_not_chosen_tx_isolation | Region, DBClusterIdentifier | Count | ||
| Aurora_pq_request_not_chosen_tx_isolation | Region | Count | ||
| Aurora_pq_request_not_chosen_tx_isolation | Region, EngineName | Count | ||
| Aurora_pq_request_not_chosen_tx_isolation | Region, DBClusterIdentifier, Role | Count | ||
| SumBinaryLogSize | Region, DatabaseClass | Count | ||
| SumBinaryLogSize | Region, DBClusterIdentifier | Count | ||
| SumBinaryLogSize | Region | Count | ||
| SumBinaryLogSize | Region, EngineName | Count | ||
| SumBinaryLogSize | Region, DBClusterIdentifier, Role | Count | ||
| DeleteThroughput | DBInstanceIdentifier | Count/Second | ||
| Deadlocks | Region, DatabaseClass | Count/Second | ||
| Deadlocks | Region, DBClusterIdentifier | Count/Second | ||
| Deadlocks | Region | Count/Second | ||
| Deadlocks | Region, EngineName | Count/Second | ||
| Deadlocks | Region, DBClusterIdentifier, Role | Count/Second | ||
| Aurora_pq_request_not_chosen_column_bit | Region, DatabaseClass | Count | ||
| Aurora_pq_request_not_chosen_column_bit | Region, DBClusterIdentifier | Count | ||
| Aurora_pq_request_not_chosen_column_bit | Region | Count | ||
| Aurora_pq_request_not_chosen_column_bit | Region, EngineName | Count | ||
| Aurora_pq_request_not_chosen_column_bit | Region, DBClusterIdentifier, Role | Count | ||
| TotalBackupStorageBilled | Region, DBClusterIdentifier | Bytes | ||
| TotalBackupStorageBilled | Region, EngineName | Bytes | ||
| DeleteLatency | Region, DatabaseClass | Milliseconds | ||
| DeleteLatency | Region, DBClusterIdentifier | Milliseconds | ||
| DeleteLatency | Region | Milliseconds | ||
| DeleteLatency | Region, EngineName | Milliseconds | ||
| DeleteLatency | Region, DBClusterIdentifier, Role | Milliseconds | ||
| Aurora_pq_request_not_chosen_high_buffer_pool_pct | DBInstanceIdentifier | Count | ||
| DDLLatency | Region, DatabaseClass | Milliseconds | ||
| DDLLatency | Region, DBClusterIdentifier | Milliseconds | ||
| DDLLatency | Region | Milliseconds | ||
| DDLLatency | Region, EngineName | Milliseconds | ||
| DDLLatency | Region, DBClusterIdentifier, Role | Milliseconds | ||
| DMLLatency | Region, DatabaseClass | Milliseconds | ||
| DMLLatency | Region, DBClusterIdentifier | Milliseconds | ||
| DMLLatency | Region | Milliseconds | ||
| DMLLatency | Region, EngineName | Milliseconds | ||
| DMLLatency | Region, DBClusterIdentifier, Role | Milliseconds | ||
| DDLThroughput | Region, DatabaseClass | Count/Second | ||
| DDLThroughput | Region, DBClusterIdentifier | Count/Second | ||
| DDLThroughput | Region | Count/Second | ||
| DDLThroughput | Region, EngineName | Count/Second | ||
| DDLThroughput | Region, DBClusterIdentifier, Role | Count/Second | ||
| CommitThroughput | Region, DatabaseClass | Count/Second | ||
| CommitThroughput | Region, DBClusterIdentifier | Count/Second | ||
| CommitThroughput | Region | Count/Second | ||
| CommitThroughput | Region, EngineName | Count/Second | ||
| CommitThroughput | Region, DBClusterIdentifier, Role | Count/Second | ||
| ForwardingReplicaReadWaitLatency | DBInstanceIdentifier | Count | ||
| Aurora_pq_request_not_chosen_custom_charset | Region, DatabaseClass | Count | ||
| Aurora_pq_request_not_chosen_custom_charset | Region, DBClusterIdentifier | Count | ||
| Aurora_pq_request_not_chosen_custom_charset | Region | Count | ||
| Aurora_pq_request_not_chosen_custom_charset | Region, EngineName | Count | ||
| Aurora_pq_request_not_chosen_custom_charset | Region, DBClusterIdentifier, Role | Count | ||
| BlockedTransactions | Region, DatabaseClass | Count/Second | ||
| BlockedTransactions | Region, DBClusterIdentifier | Count/Second | ||
| BlockedTransactions | Region | Count/Second | ||
| BlockedTransactions | Region, EngineName | Count/Second | ||
| BlockedTransactions | Region, DBClusterIdentifier, Role | Count/Second | ||
| EBSIOBalance% | The percentage of I/O credits remaining in the burst bucket of your RDS database. This metric is available for basic | Region, DatabaseClass | Percent | |
| EBSIOBalance% | Region, DBClusterIdentifier | Percent | ||
| EBSIOBalance% | Region | Percent | ||
| EBSIOBalance% | Region, EngineName | Percent | Applicable | |
| EBSIOBalance% | Region, DBClusterIdentifier, Role | Percent | ||
| SwapUsage | The amount of swap space used on the DB instance. | Region, DatabaseClass | Bytes | |
| SwapUsage | Region, DBClusterIdentifier | Bytes | ||
| SwapUsage | Region | Bytes | ||
| SwapUsage | Region, EngineName | Bytes | ||
| SwapUsage | Region, DBClusterIdentifier, Role | Bytes | ||
| ForwardingReplicaDMLThroughput | DBInstanceIdentifier | Count | ||
| Aurora_pq_request_attempted | DBInstanceIdentifier | Count | ||
| LoginFailures | Region, DatabaseClass | Count/Second | ||
| LoginFailures | Region, DBClusterIdentifier | Count/Second | ||
| LoginFailures | Region | Count/Second | ||
| LoginFailures | Region, EngineName | Count/Second | ||
| LoginFailures | Region, DBClusterIdentifier, Role | Count/Second | ||
| NetworkTransmitThroughput | The outgoing (transmit) network traffic on the DB instance, including both customer database traffic and Amazon RDS | Region, DatabaseClass | Bytes/Second | |
| NetworkTransmitThroughput | Region, DBClusterIdentifier | Bytes/Second | ||
| NetworkTransmitThroughput | Region | Bytes/Second | ||
| NetworkTransmitThroughput | Region, EngineName | Bytes/Second | ||
| NetworkTransmitThroughput | Region, DBClusterIdentifier, Role | Bytes/Second | ||
| NumBinaryLogFiles | Region, DatabaseClass | Count | ||
| NumBinaryLogFiles | Region, DBClusterIdentifier | Count | ||
| NumBinaryLogFiles | Region | Count | ||
| NumBinaryLogFiles | Region, EngineName | Count | ||
| NumBinaryLogFiles | Region, DBClusterIdentifier, Role | Count | ||
| DBLoadCPU | DBInstanceIdentifier | None | ||
| Aurora_pq_request_failed | DBInstanceIdentifier | Count | ||
| BlockedTransactions | DBInstanceIdentifier | Count/Second | ||
| ForwardingReplicaReadWaitThroughput | DBInstanceIdentifier | Count | ||
| ReadThroughput | The average number of bytes read from disk per second. | Region, DatabaseClass | Bytes/Second | |
| ReadThroughput | Region | Bytes/Second | ||
| ReadThroughput | Region, EngineName | Bytes/Second | ||
| Aurora_pq_request_not_chosen_long_trx | Region, DatabaseClass | Count | ||
| Aurora_pq_request_not_chosen_long_trx | Region, DBClusterIdentifier | Count | ||
| Aurora_pq_request_not_chosen_long_trx | Region | Count | ||
| Aurora_pq_request_not_chosen_long_trx | Region, EngineName | Count | ||
| Aurora_pq_request_not_chosen_long_trx | Region, DBClusterIdentifier, Role | Count | ||
| DeleteThroughput | Region, DatabaseClass | Count/Second | ||
| DeleteThroughput | Region, DBClusterIdentifier | Count/Second | ||
| DeleteThroughput | Region | Count/Second | ||
| DeleteThroughput | Region, EngineName | Count/Second | ||
| DeleteThroughput | Region, DBClusterIdentifier, Role | Count/Second | ||
| DBLoadCPU | Region | None | ||
| CommitLatency | Region, DatabaseClass | Milliseconds | ||
| CommitLatency | Region, DBClusterIdentifier | Milliseconds | ||
| CommitLatency | Region | Milliseconds | ||
| CommitLatency | Region, EngineName | Milliseconds | ||
| CommitLatency | Region, DBClusterIdentifier, Role | Milliseconds | ||
| ForwardingReplicaOpenSessions | Region, DatabaseClass | Count | ||
| ForwardingReplicaOpenSessions | Region, DBClusterIdentifier | Count | ||
| ForwardingReplicaOpenSessions | Region | Count | ||
| ForwardingReplicaOpenSessions | Region, EngineName | Count | ||
| ForwardingReplicaOpenSessions | Region, DBClusterIdentifier, Role | Count | ||
| BackupRetentionPeriodStorageUsed | Region, DBClusterIdentifier | Bytes | ||
| BackupRetentionPeriodStorageUsed | Region, EngineName | Bytes | ||
| InsertLatency | Region, DatabaseClass | Milliseconds | ||
| InsertLatency | Region, DBClusterIdentifier | Milliseconds | ||
| InsertLatency | Region | Milliseconds | ||
| InsertLatency | Region, EngineName | Milliseconds | ||
| InsertLatency | Region, DBClusterIdentifier, Role | Milliseconds | ||
| DMLThroughput | Region, DatabaseClass | Count/Second | ||
| DMLThroughput | Region, DBClusterIdentifier | Count/Second | ||
| DMLThroughput | Region | Count/Second | ||
| DMLThroughput | Region, EngineName | Count/Second | ||
| DMLThroughput | Region, DBClusterIdentifier, Role | Count/Second | ||
| Aurora_pq_request_attempted | Region, DatabaseClass | Count | ||
| Aurora_pq_request_attempted | Region, DBClusterIdentifier | Count | ||
| Aurora_pq_request_attempted | Region | Count | ||
| Aurora_pq_request_attempted | Region, EngineName | Count | ||
| Aurora_pq_request_attempted | Region, DBClusterIdentifier, Role | Count | ||
| DiskQueueDepth | The number of outstanding I/Os (read/write requests) waiting to access the disk. | Region, DatabaseClass | Count | |
| DiskQueueDepth | Region | Count | ||
| DiskQueueDepth | Region, EngineName | Count | Applicable | |
| Aurora_pq_request_not_chosen_temporary_table | Region, DatabaseClass | Count | ||
| Aurora_pq_request_not_chosen_temporary_table | Region, DBClusterIdentifier | Count | ||
| Aurora_pq_request_not_chosen_temporary_table | Region | Count | ||
| Aurora_pq_request_not_chosen_temporary_table | Region, EngineName | Count | ||
| Aurora_pq_request_not_chosen_temporary_table | Region, DBClusterIdentifier, Role | Count | ||
| BinLogDiskUsage | The amount of disk space occupied by binary logs. If automatic backups are enabled for MySQL and MariaDB instances, | Region, DatabaseClass | Bytes | |
| BinLogDiskUsage | Region | Bytes | ||
| BinLogDiskUsage | Region, EngineName | Bytes | Applicable | |
| BinLogDiskUsage | Region, EngineName | Bytes | ||
| ForwardingWriterDMLThroughput | Region, DatabaseClass | Count | ||
| ForwardingWriterDMLThroughput | Region, DBClusterIdentifier | Count | ||
| ForwardingWriterDMLThroughput | Region | Count | ||
| ForwardingWriterDMLThroughput | Region, EngineName | Count | ||
| ForwardingWriterDMLThroughput | Region, DBClusterIdentifier, Role | Count | ||
| Queries | DBInstanceIdentifier | Count/Second | ||
| Aurora_pq_request_not_chosen_unsupported_access | Region, DatabaseClass | Count | ||
| Aurora_pq_request_not_chosen_unsupported_access | Region, DBClusterIdentifier | Count | ||
| Aurora_pq_request_not_chosen_unsupported_access | Region | Count | ||
| Aurora_pq_request_not_chosen_unsupported_access | Region, EngineName | Count | ||
| Aurora_pq_request_not_chosen_unsupported_access | Region, DBClusterIdentifier, Role | Count | ||
| AuroraSlowConnectionHandleCount | Region, DatabaseClass | Count | ||
| AuroraSlowConnectionHandleCount | Region, DBClusterIdentifier | Count | ||
| AuroraSlowConnectionHandleCount | Region | Count | ||
| AuroraSlowConnectionHandleCount | Region, EngineName | Count | ||
| AuroraSlowConnectionHandleCount | Region, DBClusterIdentifier, Role | Count | ||
| Aurora_pq_request_not_chosen_column_geometry | Region, DatabaseClass | Count | ||
| Aurora_pq_request_not_chosen_column_geometry | Region, DBClusterIdentifier | Count | ||
| Aurora_pq_request_not_chosen_column_geometry | Region | Count | ||
| Aurora_pq_request_not_chosen_column_geometry | Region, EngineName | Count | ||
| Aurora_pq_request_not_chosen_column_geometry | Region, DBClusterIdentifier, Role | Count | ||
| CommitThroughput | DBInstanceIdentifier | Count/Second | ||
| RollbackSegmentHistoryListLength | Region, DatabaseClass | Count | ||
| RollbackSegmentHistoryListLength | Region, DBClusterIdentifier | Count | ||
| RollbackSegmentHistoryListLength | Region | Count | ||
| RollbackSegmentHistoryListLength | Region, EngineName | Count | ||
| RollbackSegmentHistoryListLength | Region, DBClusterIdentifier, Role | Count | ||
| SelectLatency | Region, DatabaseClass | Milliseconds | ||
| SelectLatency | Region, DBClusterIdentifier | Milliseconds | ||
| SelectLatency | Region | Milliseconds | ||
| SelectLatency | Region, EngineName | Milliseconds | ||
| SelectLatency | Region, DBClusterIdentifier, Role | Milliseconds | ||
| ForwardingReplicaDMLLatency | Region, DatabaseClass | Count | ||
| ForwardingReplicaDMLLatency | Region, DBClusterIdentifier | Count | ||
| ForwardingReplicaDMLLatency | Region | Count | ||
| ForwardingReplicaDMLLatency | Region, EngineName | Count | ||
| ForwardingReplicaDMLLatency | Region, DBClusterIdentifier, Role | Count | ||
| StorageNetworkThroughput | DBInstanceIdentifier | Bytes/Second | ||
| Aurora_pq_request_not_chosen_few_pages_outside_buffer_pool | DBInstanceIdentifier | Count | ||
| DatabaseConnections | The number of client network connections to the database instance. | Region, DatabaseClass | Count | |
| DatabaseConnections | Region, DBClusterIdentifier | Count | ||
| DatabaseConnections | Region | Count | ||
| DatabaseConnections | Region, EngineName | Count | Applicable | |
| DatabaseConnections | Region, DBClusterIdentifier, Role | Count | ||
| Aurora_pq_request_not_chosen_custom_charset | DBInstanceIdentifier | Count | ||
| Aurora_pq_request_not_chosen_small_table | Region, DatabaseClass | Count | ||
| Aurora_pq_request_not_chosen_small_table | Region, DBClusterIdentifier | Count | ||
| Aurora_pq_request_not_chosen_small_table | Region | Count | ||
| Aurora_pq_request_not_chosen_small_table | Region, EngineName | Count | ||
| Aurora_pq_request_not_chosen_small_table | Region, DBClusterIdentifier, Role | Count | ||
| Aurora_pq_request_not_chosen_row_length_too_long | Region, DatabaseClass | Count | ||
| Aurora_pq_request_not_chosen_row_length_too_long | Region, DBClusterIdentifier | Count | ||
| Aurora_pq_request_not_chosen_row_length_too_long | Region | Count | ||
| Aurora_pq_request_not_chosen_row_length_too_long | Region, EngineName | Count | ||
| Aurora_pq_request_not_chosen_row_length_too_long | Region, DBClusterIdentifier, Role | Count | ||
| EngineUptime | Region, DatabaseClass | Seconds | ||
| EngineUptime | Region, DBClusterIdentifier | Seconds | ||
| EngineUptime | Region | Seconds | ||
| EngineUptime | Region, EngineName | Seconds | ||
| EngineUptime | Region, DBClusterIdentifier, Role | Seconds | ||
| FreeStorageSpace | The amount of available storage space. | Region, DatabaseClass | Bytes | |
| FreeStorageSpace | Region | Bytes | ||
| FreeStorageSpace | Region, EngineName | Bytes | Applicable | |
| FreeStorageSpace | Region, EngineName | Bytes | ||
| Aurora_pq_request_not_chosen_column_lob | Region, DatabaseClass | Count | ||
| Aurora_pq_request_not_chosen_column_lob | Region, DBClusterIdentifier | Count | ||
| Aurora_pq_request_not_chosen_column_lob | Region | Count | ||
| Aurora_pq_request_not_chosen_column_lob | Region, EngineName | Count | ||
| Aurora_pq_request_not_chosen_column_lob | Region, DBClusterIdentifier, Role | Count | ||
| AuroraVolumeBytesLeftTotal | DBInstanceIdentifier | Count | ||
| AbortedClients | Region, DatabaseClass | Count | ||
| AbortedClients | Region, DBClusterIdentifier | Count | ||
| AbortedClients | Region | Count | ||
| AbortedClients | Region, EngineName | Count | ||
| AbortedClients | Region, DBClusterIdentifier, Role | Count | ||
| BufferCacheHitRatio | Region, DatabaseClass | Percent | ||
| BufferCacheHitRatio | Region, DBClusterIdentifier | Percent | ||
| BufferCacheHitRatio | Region | Percent | ||
| BufferCacheHitRatio | Region, EngineName | Percent | ||
| BufferCacheHitRatio | Region, DBClusterIdentifier, Role | Percent | ||
| FreeLocalStorage | DBInstanceIdentifier | Bytes | ||
| AuroraSlowHandshakeCount | Region, DatabaseClass | Count | ||
| AuroraSlowHandshakeCount | Region, DBClusterIdentifier | Count | ||
| AuroraSlowHandshakeCount | Region | Count | ||
| AuroraSlowHandshakeCount | Region, EngineName | Count | ||
| AuroraSlowHandshakeCount | Region, DBClusterIdentifier, Role | Count | ||
| Aurora_pq_request_not_chosen_innodb_table_format | Region, DatabaseClass | Count | ||
| Aurora_pq_request_not_chosen_innodb_table_format | Region, DBClusterIdentifier | Count | ||
| Aurora_pq_request_not_chosen_innodb_table_format | Region | Count | ||
| Aurora_pq_request_not_chosen_innodb_table_format | Region, EngineName | Count | ||
| Aurora_pq_request_not_chosen_innodb_table_format | Region, DBClusterIdentifier, Role | Count | ||
| ForwardingWriterDMLLatency | DBInstanceIdentifier | Count | ||
| Queries | Region, DatabaseClass | Count/Second | ||
| Queries | Region, DBClusterIdentifier | Count/Second | ||
| Queries | Region | Count/Second | ||
| Queries | Region, EngineName | Count/Second | ||
| Queries | Region, DBClusterIdentifier, Role | Count/Second | ||
| EBSByteBalance% | The percentage of throughput credits remaining in the burst bucket of your RDS database. This metric is available | Region, DatabaseClass | Percent | |
| EBSByteBalance% | Region, DBClusterIdentifier | Percent | ||
| EBSByteBalance% | Region | Percent | ||
| EBSByteBalance% | Region, EngineName | Percent | Applicable | |
| EBSByteBalance% | Region, DBClusterIdentifier, Role | Percent | ||
| ActiveTransactions | Region, DatabaseClass | Count/Second | ||
| ActiveTransactions | Region, DBClusterIdentifier | Count/Second | ||
| ActiveTransactions | Region | Count/Second | ||
| ActiveTransactions | Region, EngineName | Count/Second | ||
| ActiveTransactions | Region, DBClusterIdentifier, Role | Count/Second | ||
| InsertThroughput | Region, DatabaseClass | Count/Second | ||
| InsertThroughput | Region, DBClusterIdentifier | Count/Second | ||
| InsertThroughput | Region | Count/Second | ||
| InsertThroughput | Region, EngineName | Count/Second | ||
| InsertThroughput | Region, DBClusterIdentifier, Role | Count/Second | ||
| ForwardingWriterOpenSessions | Region, DatabaseClass | Count | ||
| ForwardingWriterOpenSessions | Region, DBClusterIdentifier | Count | ||
| ForwardingWriterOpenSessions | Region | Count | ||
| ForwardingWriterOpenSessions | Region, EngineName | Count | ||
| ForwardingWriterOpenSessions | Region, DBClusterIdentifier, Role | Count | ||
| SwapUsage | The amount of swap space used on the DB instance. | DBInstanceIdentifier | Bytes | |
| VolumeReadIOPs | Region, DbClusterIdentifier, EngineName | Count | ||
| VolumeReadIOPs | Region, DBClusterIdentifier | Count | ||
| VolumeReadIOPs | Region, EngineName | Count | ||
| ForwardingWriterDMLThroughput | DBInstanceIdentifier | Count | ||
| AuroraVolumeBytesLeftTotal | Region, DatabaseClass | Count | ||
| AuroraVolumeBytesLeftTotal | Region, DBClusterIdentifier | Count | ||
| AuroraVolumeBytesLeftTotal | Region | Count | ||
| AuroraVolumeBytesLeftTotal | Region, EngineName | Count | ||
| AuroraVolumeBytesLeftTotal | Region, DBClusterIdentifier, Role | Count | ||
| Aurora_pq_request_not_chosen_no_where_clause | Region, DatabaseClass | Count | ||
| Aurora_pq_request_not_chosen_no_where_clause | Region, DBClusterIdentifier | Count | ||
| Aurora_pq_request_not_chosen_no_where_clause | Region | Count | ||
| Aurora_pq_request_not_chosen_no_where_clause | Region, EngineName | Count | ||
| Aurora_pq_request_not_chosen_no_where_clause | Region, DBClusterIdentifier, Role | Count | ||
| VolumeBytesUsed | Region, DbClusterIdentifier, EngineName | Bytes | ||
| VolumeBytesUsed | Region, DBClusterIdentifier | Bytes | ||
| VolumeBytesUsed | Region, EngineName | Bytes | ||
| Aurora_pq_request_not_chosen_range_scan | DBInstanceIdentifier | Count | ||
| UpdateLatency | Region, DatabaseClass | Milliseconds | ||
| UpdateLatency | Region, DBClusterIdentifier | Milliseconds | ||
| UpdateLatency | Region | Milliseconds | ||
| UpdateLatency | Region, EngineName | Milliseconds | ||
| UpdateLatency | Region, DBClusterIdentifier, Role | Milliseconds | ||
| UpdateThroughput | Region, DatabaseClass | Count/Second | ||
| UpdateThroughput | Region, DBClusterIdentifier | Count/Second | ||
| UpdateThroughput | Region | Count/Second | ||
| UpdateThroughput | Region, EngineName | Count/Second | ||
| UpdateThroughput | Region, DBClusterIdentifier, Role | Count/Second | ||
| CPUUtilization | The percentage of CPU utilization. | Region, DatabaseClass | Percent | |
| CPUUtilization | Region, DBClusterIdentifier | Percent | ||
| CPUUtilization | Region | Percent | ||
| CPUUtilization | Region, EngineName | Percent | Applicable | |
| CPUUtilization | Region, DBClusterIdentifier, Role | Percent | ||
| Aurora_pq_request_in_progress | Region, DatabaseClass | Count | ||
| Aurora_pq_request_in_progress | Region, DBClusterIdentifier | Count | ||
| Aurora_pq_request_in_progress | Region | Count | ||
| Aurora_pq_request_in_progress | Region, EngineName | Count | ||
| Aurora_pq_request_in_progress | Region, DBClusterIdentifier, Role | Count | ||
| ForwardingReplicaDMLThroughput | Region, DatabaseClass | Count | ||
| ForwardingReplicaDMLThroughput | Region, DBClusterIdentifier | Count | ||
| ForwardingReplicaDMLThroughput | Region | Count | ||
| ForwardingReplicaDMLThroughput | Region, EngineName | Count | ||
| ForwardingReplicaDMLThroughput | Region, DBClusterIdentifier, Role | Count | ||
| LVMWriteIOPS | Region, DatabaseClass | Count/Second | ||
| LVMWriteIOPS | Region | Count/Second | ||
| LVMWriteIOPS | Region, EngineName | Count/Second | Applicable | |
| ForwardingReplicaSelectThroughput | Region, DatabaseClass | Count | ||
| ForwardingReplicaSelectThroughput | Region, DBClusterIdentifier | Count | ||
| ForwardingReplicaSelectThroughput | Region | Count | ||
| ForwardingReplicaSelectThroughput | Region, EngineName | Count | ||
| ForwardingReplicaSelectThroughput | Region, DBClusterIdentifier, Role | Count | ||
| Aurora_pq_request_failed | Region, DatabaseClass | Count | ||
| Aurora_pq_request_failed | Region, DBClusterIdentifier | Count | ||
| Aurora_pq_request_failed | Region | Count | ||
| Aurora_pq_request_failed | Region, EngineName | Count | ||
| Aurora_pq_request_failed | Region, DBClusterIdentifier, Role | Count | ||
| Aurora_pq_request_not_chosen_range_scan | Region, DatabaseClass | Count | ||
| Aurora_pq_request_not_chosen_range_scan | Region, DBClusterIdentifier | Count | ||
| Aurora_pq_request_not_chosen_range_scan | Region | Count | ||
| Aurora_pq_request_not_chosen_range_scan | Region, EngineName | Count | ||
| Aurora_pq_request_not_chosen_range_scan | Region, DBClusterIdentifier, Role | Count | ||
| EngineUptime | DBInstanceIdentifier | Seconds | ||
| Aurora_pq_request_not_chosen_few_pages_outside_buffer_pool | Region, DatabaseClass | Count | ||
| Aurora_pq_request_not_chosen_few_pages_outside_buffer_pool | Region, DBClusterIdentifier | Count | ||
| Aurora_pq_request_not_chosen_few_pages_outside_buffer_pool | Region | Count | ||
| Aurora_pq_request_not_chosen_few_pages_outside_buffer_pool | Region, EngineName | Count | ||
| Aurora_pq_request_not_chosen_few_pages_outside_buffer_pool | Region, DBClusterIdentifier, Role | Count | ||
| Aurora_pq_request_not_chosen | Region, DatabaseClass | Count | ||
| Aurora_pq_request_not_chosen | Region, DBClusterIdentifier | Count | ||
| Aurora_pq_request_not_chosen | Region | Count | ||
| Aurora_pq_request_not_chosen | Region, EngineName | Count | ||
| Aurora_pq_request_not_chosen | Region, DBClusterIdentifier, Role | Count | ||
| ConnectionAttempts | The number of attempts to connect to an instance, whether successful or not. | Region, DatabaseClass | Count | |
| ConnectionAttempts | Region, DBClusterIdentifier | Count | ||
| ConnectionAttempts | Region | Count | ||
| ConnectionAttempts | Region, EngineName | Count | ||
| ConnectionAttempts | Region, DBClusterIdentifier, Role | Count | ||
| ForwardingWriterOpenSessions | DBInstanceIdentifier | Count | ||
| NetworkThroughput | Region, DatabaseClass | Bytes/Second | ||
| NetworkThroughput | Region, DBClusterIdentifier | Bytes/Second | ||
| NetworkThroughput | Region | Bytes/Second | ||
| NetworkThroughput | Region, EngineName | Bytes/Second | ||
| NetworkThroughput | Region, DBClusterIdentifier, Role | Bytes/Second | ||
| RollbackSegmentHistoryListLength | DBInstanceIdentifier | Count | ||
| SnapshotStorageUsed | Region, DBClusterIdentifier | Bytes | ||
| SnapshotStorageUsed | Region, EngineName | Bytes | ||
| AuroraBinlogReplicaLag | Region, DatabaseClass | Seconds | ||
| AuroraBinlogReplicaLag | Region, DBClusterIdentifier | Seconds | ||
| AuroraBinlogReplicaLag | Region | Seconds | ||
| AuroraBinlogReplicaLag | Region, EngineName | Seconds | ||
| AuroraBinlogReplicaLag | Region, DBClusterIdentifier, Role | Seconds | ||
| ForwardingReplicaSelectLatency | Region, DatabaseClass | Count | ||
| ForwardingReplicaSelectLatency | Region, DBClusterIdentifier | Count | ||
| ForwardingReplicaSelectLatency | Region | Count | ||
| ForwardingReplicaSelectLatency | Region, EngineName | Count | ||
| ForwardingReplicaSelectLatency | Region, DBClusterIdentifier, Role | Count | ||
| LVMReadIOPS | Region, DatabaseClass | Count/Second | ||
| LVMReadIOPS | Region | Count/Second | ||
| LVMReadIOPS | Region, EngineName | Count/Second | Applicable | |
| Aurora_pq_request_not_chosen_index_hint | DBInstanceIdentifier | Count | ||
| FreeLocalStorage | Region, DatabaseClass | Bytes | ||
| FreeLocalStorage | Region, DBClusterIdentifier | Bytes | ||
| FreeLocalStorage | Region | Bytes | ||
| FreeLocalStorage | Region, EngineName | Bytes | ||
| FreeLocalStorage | Region, DBClusterIdentifier, Role | Bytes | ||
| StorageNetworkReceiveThroughput | Region, DatabaseClass | Bytes/Second | ||
| StorageNetworkReceiveThroughput | Region, DBClusterIdentifier | Bytes/Second | ||
| StorageNetworkReceiveThroughput | Region | Bytes/Second | ||
| StorageNetworkReceiveThroughput | Region, EngineName | Bytes/Second | ||
| StorageNetworkReceiveThroughput | Region, DBClusterIdentifier, Role | Bytes/Second | ||
| Aurora_pq_request_executed | Region, DatabaseClass | Count | ||
| Aurora_pq_request_executed | Region, DBClusterIdentifier | Count | ||
| Aurora_pq_request_executed | Region | Count | ||
| Aurora_pq_request_executed | Region, EngineName | Count | ||
| Aurora_pq_request_executed | Region, DBClusterIdentifier, Role | Count | ||
| ReadLatency | The average amount of time taken per disk I/O operation. | Region, DatabaseClass | Seconds | |
| ReadLatency | Region, DBClusterIdentifier | Seconds | ||
| ReadLatency | Region | Seconds | ||
| ReadLatency | Region, EngineName | Seconds | ||
| ReadLatency | Region, DBClusterIdentifier, Role | Seconds | ||
| Aurora_pq_request_not_chosen_update_delete_stmts | Region, DatabaseClass | Count | ||
| Aurora_pq_request_not_chosen_update_delete_stmts | Region, DBClusterIdentifier | Count | ||
| Aurora_pq_request_not_chosen_update_delete_stmts | Region | Count | ||
| Aurora_pq_request_not_chosen_update_delete_stmts | Region, EngineName | Count | ||
| Aurora_pq_request_not_chosen_update_delete_stmts | Region, DBClusterIdentifier, Role | Count | ||
| FreeableMemory | The amount of available random access memory. | DBInstanceIdentifier | Bytes | Applicable |
| FreeableMemory | DBInstanceIdentifier | Bytes | ||
| FreeableMemory | DBInstanceIdentifier | Bytes | ||
| Aurora_pq_request_not_chosen_below_min_rows | Region, DatabaseClass | Count | ||
| Aurora_pq_request_not_chosen_below_min_rows | Region, DBClusterIdentifier | Count | ||
| Aurora_pq_request_not_chosen_below_min_rows | Region | Count | ||
| Aurora_pq_request_not_chosen_below_min_rows | Region, EngineName | Count | ||
| Aurora_pq_request_not_chosen_below_min_rows | Region, DBClusterIdentifier, Role | Count | ||
| AuroraSlowConnectionHandleCount | DBInstanceIdentifier | Count | ||
| StorageNetworkThroughput | Region, DatabaseClass | Bytes/Second | ||
| StorageNetworkThroughput | Region, DBClusterIdentifier | Bytes/Second | ||
| StorageNetworkThroughput | Region | Bytes/Second | ||
| StorageNetworkThroughput | Region, EngineName | Bytes/Second | ||
| StorageNetworkThroughput | Region, DBClusterIdentifier, Role | Bytes/Second | ||
| ActiveTransactions | DBInstanceIdentifier | Count/Second | ||
| Aurora_pq_request_not_chosen_column_virtual | Region, DatabaseClass | Count | ||
| Aurora_pq_request_not_chosen_column_virtual | Region, DBClusterIdentifier | Count | ||
| Aurora_pq_request_not_chosen_column_virtual | Region | Count | ||
| Aurora_pq_request_not_chosen_column_virtual | Region, EngineName | Count | ||
| Aurora_pq_request_not_chosen_column_virtual | Region, DBClusterIdentifier, Role | Count | ||
| LoginFailures | DBInstanceIdentifier | Count/Second | ||
| ForwardingReplicaReadWaitThroughput | Region, DatabaseClass | Count | ||
| ForwardingReplicaReadWaitThroughput | Region, DBClusterIdentifier | Count | ||
| ForwardingReplicaReadWaitThroughput | Region | Count | ||
| ForwardingReplicaReadWaitThroughput | Region, EngineName | Count | ||
| ForwardingReplicaReadWaitThroughput | Region, DBClusterIdentifier, Role | Count | ||
| SelectLatency | DBInstanceIdentifier | Milliseconds | ||
| VolumeWriteIOPs | Region, DbClusterIdentifier, EngineName | Count | ||
| VolumeWriteIOPs | Region, DBClusterIdentifier | Count | ||
| VolumeWriteIOPs | Region, EngineName | Count | ||
| Aurora_pq_request_not_chosen_full_text_index | Region, DatabaseClass | Count | ||
| Aurora_pq_request_not_chosen_full_text_index | Region, DBClusterIdentifier | Count | ||
| Aurora_pq_request_not_chosen_full_text_index | Region | Count | ||
| Aurora_pq_request_not_chosen_full_text_index | Region, EngineName | Count | ||
| Aurora_pq_request_not_chosen_full_text_index | Region, DBClusterIdentifier, Role | Count | ||
| AuroraBinlogReplicaLag | DBInstanceIdentifier | Seconds | ||
| RowLockTime | Region, DatabaseClass | Count | ||
| RowLockTime | Region, DBClusterIdentifier | Count | ||
| RowLockTime | Region | Count | ||
| RowLockTime | Region, EngineName | Count | ||
| RowLockTime | Region, DBClusterIdentifier, Role | Count | ||
| Aurora_pq_request_not_chosen_column_bit | DBInstanceIdentifier | Count | ||
| Aurora_pq_request_not_chosen_high_buffer_pool_pct | Region, DatabaseClass | Count | ||
| Aurora_pq_request_not_chosen_high_buffer_pool_pct | Region, DBClusterIdentifier | Count | ||
| Aurora_pq_request_not_chosen_high_buffer_pool_pct | Region | Count | ||
| Aurora_pq_request_not_chosen_high_buffer_pool_pct | Region, EngineName | Count | ||
| Aurora_pq_request_not_chosen_high_buffer_pool_pct | Region, DBClusterIdentifier, Role | Count | ||
| ForwardingWriterDMLLatency | Region, DatabaseClass | Count | ||
| ForwardingWriterDMLLatency | Region, DBClusterIdentifier | Count | ||
| ForwardingWriterDMLLatency | Region | Count | ||
| ForwardingWriterDMLLatency | Region, EngineName | Count | ||
| ForwardingWriterDMLLatency | Region, DBClusterIdentifier, Role | Count | ||
| Aurora_pq_request_not_chosen_index_hint | Region, DatabaseClass | Count | ||
| Aurora_pq_request_not_chosen_index_hint | Region, DBClusterIdentifier | Count | ||
| Aurora_pq_request_not_chosen_index_hint | Region | Count | ||
| Aurora_pq_request_not_chosen_index_hint | Region, EngineName | Count | ||
| Aurora_pq_request_not_chosen_index_hint | Region, DBClusterIdentifier, Role | Count | ||
| CommitLatency | DBInstanceIdentifier | Milliseconds | ||
| ForwardingReplicaSelectLatency | DBInstanceIdentifier | Count | ||
| ReadIOPS | The average number of disk read I/O operations per second. | Region, DatabaseClass | Count/Second | |
| ReadIOPS | Region | Count/Second | ||
| ReadIOPS | Region, EngineName | Count/Second | ||
| StorageNetworkTransmitThroughput | DBInstanceIdentifier | Bytes/Second | ||
| Aurora_pq_request_not_chosen_innodb_table_format | DBInstanceIdentifier | Count | ||
| WriteLatency | The average amount of time taken per disk I/O operation. | Region, DatabaseClass | Seconds | |
| WriteLatency | Region, DBClusterIdentifier | Seconds | ||
| WriteLatency | Region | Seconds | ||
| WriteLatency | Region, EngineName | Seconds | ||
| WriteLatency | Region, DBClusterIdentifier, Role | Seconds | ||
| SelectThroughput | Region, DatabaseClass | Count/Second | ||
| SelectThroughput | Region, DBClusterIdentifier | Count/Second | ||
| SelectThroughput | Region | Count/Second | ||
| SelectThroughput | Region, EngineName | Count/Second | ||
| SelectThroughput | Region, DBClusterIdentifier, Role | Count/Second | ||
| Aurora_pq_request_not_chosen | DBInstanceIdentifier | Count | ||
| FreeableMemory | The amount of available random access memory. | Region, DatabaseClass | Bytes | |
| FreeableMemory | Region, DBClusterIdentifier | Bytes | ||
| FreeableMemory | Region | Bytes | ||
| FreeableMemory | Region, EngineName | Bytes | Applicable | |
| FreeableMemory | Region, DBClusterIdentifier, Role | Bytes | ||
| FreeableMemory | Region, EngineName | Bytes | ||
| ReadLatency | The average amount of time taken per disk I/O operation. | DBInstanceIdentifier | Seconds | Applicable |
| DMLLatency | DBInstanceIdentifier | Milliseconds | ||
| NetworkReceiveThroughput | The incoming (receive) network traffic on the DB instance, including both customer database traffic and Amazon RDS | DBInstanceIdentifier | Bytes/Second | Applicable |
| Aurora_pq_request_not_chosen_unsupported_access | DBInstanceIdentifier | Count | ||
| UpdateLatency | DBInstanceIdentifier | Milliseconds | ||
| DBLoad | DBInstanceIdentifier | None | ||
| Aurora_pq_request_not_chosen_row_length_too_long | DBInstanceIdentifier | Count | ||
| BinLogDiskUsage | The amount of disk space occupied by binary logs. If automatic backups are enabled for MySQL and MariaDB instances, | DBInstanceIdentifier | Bytes | Applicable |
| BinLogDiskUsage | DBInstanceIdentifier | Bytes | ||
| Aurora_pq_request_not_chosen_no_where_clause | DBInstanceIdentifier | Count | ||
| DDLLatency | DBInstanceIdentifier | Milliseconds | ||
| SumBinaryLogSize | DBInstanceIdentifier | Count | ||
| Aurora_pq_request_not_chosen_below_min_rows | DBInstanceIdentifier | Count | ||
| Aurora_pq_request_in_progress | DBInstanceIdentifier | Count | ||
| DatabaseConnections | The number of client network connections to the database instance. | DBInstanceIdentifier | Count | Applicable |
| CPUUtilization | The percentage of CPU utilization. | DBInstanceIdentifier | Percent | Applicable |
| ForwardingReplicaReadWaitLatency | Region, DatabaseClass | Count | ||
| ForwardingReplicaReadWaitLatency | Region, DBClusterIdentifier | Count | ||
| ForwardingReplicaReadWaitLatency | Region | Count | ||
| ForwardingReplicaReadWaitLatency | Region, EngineName | Count | ||
| ForwardingReplicaReadWaitLatency | Region, DBClusterIdentifier, Role | Count | ||
| AbortedClients | DBInstanceIdentifier | Count | ||
| ReadThroughput | The average number of bytes read from disk per second. | DBInstanceIdentifier | Bytes/Second | |
| Aurora_pq_request_not_chosen_column_virtual | DBInstanceIdentifier | Count | ||
| Aurora_pq_request_throttled | Region, DatabaseClass | Count | ||
| Aurora_pq_request_throttled | Region, DBClusterIdentifier | Count | ||
| Aurora_pq_request_throttled | Region | Count | ||
| Aurora_pq_request_throttled | Region, EngineName | Count | ||
| Aurora_pq_request_throttled | Region, DBClusterIdentifier, Role | Count | ||
| AuroraDMLRejectedWriterFull | Region, DatabaseClass | Count | ||
| AuroraDMLRejectedWriterFull | Region, DBClusterIdentifier | Count | ||
| AuroraDMLRejectedWriterFull | Region | Count | ||
| AuroraDMLRejectedWriterFull | Region, EngineName | Count | ||
| AuroraDMLRejectedWriterFull | Region, DBClusterIdentifier, Role | Count | ||
| ForwardingReplicaDMLLatency | DBInstanceIdentifier | Count | ||
| WriteThroughput | The average number of bytes written to disk per second. | DBInstanceIdentifier | Bytes/Second | |
| DiskQueueDepth | The number of outstanding I/Os (read/write requests) waiting to access the disk. | DBInstanceIdentifier | Count | Applicable |
| Aurora_pq_request_not_chosen_full_text_index | DBInstanceIdentifier | Count | ||
| ForwardingReplicaOpenSessions | DBInstanceIdentifier | Count | ||
| StorageNetworkTransmitThroughput | Region, DatabaseClass | Bytes/Second | ||
| StorageNetworkTransmitThroughput | Region, DBClusterIdentifier | Bytes/Second | ||
| StorageNetworkTransmitThroughput | Region | Bytes/Second | ||
| StorageNetworkTransmitThroughput | Region, EngineName | Bytes/Second | ||
| StorageNetworkTransmitThroughput | Region, DBClusterIdentifier, Role | Bytes/Second | ||
| Aurora_pq_request_not_chosen_long_trx | DBInstanceIdentifier | Count | ||
| Aurora_pq_request_not_chosen_temporary_table | DBInstanceIdentifier | Count | ||
| RowLockTime | DBInstanceIdentifier | Count | ||
| Aurora_pq_request_not_chosen_tx_isolation | DBInstanceIdentifier | Count | ||
| NetworkReceiveThroughput | The incoming (receive) network traffic on the DB instance, including both customer database traffic and Amazon RDS | Region, DatabaseClass | Bytes/Second | |
| NetworkReceiveThroughput | Region, DBClusterIdentifier | Bytes/Second | ||
| NetworkReceiveThroughput | Region | Bytes/Second | ||
| NetworkReceiveThroughput | Region, EngineName | Bytes/Second | Applicable | |
| NetworkReceiveThroughput | Region, DBClusterIdentifier, Role | Bytes/Second | ||
| Aurora_pq_request_not_chosen_small_table | DBInstanceIdentifier | Count | ||
| DBLoadNonCPU | DBInstanceIdentifier | None | ||
| WriteIOPS | The average number of disk write I/O operations per second. | Region, DatabaseClass | Count/Second | |
| WriteIOPS | Region | Count/Second | ||
| WriteIOPS | Region, EngineName | Count/Second | ||
| Aurora_pq_request_not_chosen_column_lob | DBInstanceIdentifier | Count | ||
| BurstBalance | The percent of General Purpose SSD (gp2) burst-bucket I/O credits available. | DBInstanceIdentifier | Percent | Applicable |
| Aurora_pq_request_not_chosen_instant_ddl | Region, DatabaseClass | Count | ||
| Aurora_pq_request_not_chosen_instant_ddl | Region, DBClusterIdentifier | Count | ||
| Aurora_pq_request_not_chosen_instant_ddl | Region | Count | ||
| Aurora_pq_request_not_chosen_instant_ddl | Region, EngineName | Count | ||
| Aurora_pq_request_not_chosen_instant_ddl | Region, DBClusterIdentifier, Role | Count | ||
| DMLThroughput | DBInstanceIdentifier | Count/Second | ||
| WriteIOPS | The average number of disk write I/O operations per second. | DBInstanceIdentifier | Count/Second | |
| WriteThroughput | The average number of bytes written to disk per second. | Region, DatabaseClass | Bytes/Second | |
| WriteThroughput | Region | Bytes/Second | ||
| WriteThroughput | Region, EngineName | Bytes/Second | ||
| BufferCacheHitRatio | DBInstanceIdentifier | Percent | ||
| ConnectionAttempts | The number of attempts to connect to an instance, whether successful or not. | DBInstanceIdentifier | Count | |
| NetworkTransmitThroughput | The outgoing (transmit) network traffic on the DB instance, including both customer database traffic and Amazon RDS | DBInstanceIdentifier | Bytes/Second | |
| Aurora_pq_request_executed | DBInstanceIdentifier | Count | ||
| UpdateThroughput | DBInstanceIdentifier | Count/Second | ||
| ForwardingReplicaSelectThroughput | DBInstanceIdentifier | Count | ||
| StorageNetworkReceiveThroughput | DBInstanceIdentifier | Bytes/Second | ||
| DeleteLatency | DBInstanceIdentifier | Milliseconds | ||
| DDLThroughput | DBInstanceIdentifier | Count/Second | ||
| ReadIOPS | The average number of disk read I/O operations per second. | DBInstanceIdentifier | Count/Second | |
| EBSByteBalance% | The percentage of throughput credits remaining in the burst bucket of your RDS database. This metric is available | DBInstanceIdentifier | Percent | Applicable |
| NetworkThroughput | DBInstanceIdentifier | Bytes/Second | ||
| DBLoad | Region | None | ||
| Deadlocks | DBInstanceIdentifier | Count/Second | ||
| AuroraSlowHandshakeCount | DBInstanceIdentifier | Count | ||
| Aurora_pq_request_throttled | DBInstanceIdentifier | Count | ||
| LVMReadIOPS | DBInstanceIdentifier | Count/Second | Applicable | |
| NumBinaryLogFiles | DBInstanceIdentifier | Count | ||
| EBSIOBalance% | The percentage of I/O credits remaining in the burst bucket of your RDS database. This metric is available for basic | DBInstanceIdentifier | Percent | Applicable |
| BurstBalance | The percent of General Purpose SSD (gp2) burst-bucket I/O credits available. | Region, DatabaseClass | Percent | |
| BurstBalance | Region | Percent | ||
| BurstBalance | Region, EngineName | Percent | Applicable | |
| FreeStorageSpace | The amount of available storage space. | DBInstanceIdentifier | Bytes | Applicable |
| FreeStorageSpace | DBInstanceIdentifier | Bytes | ||
| FreeStorageSpace | DBInstanceIdentifier | Bytes | ||
| DBLoadNonCPU | Region | None | ||
| AuroraDMLRejectedWriterFull | DBInstanceIdentifier | Count | ||
| InsertLatency | DBInstanceIdentifier | Milliseconds | ||
| Aurora_pq_request_not_chosen_instant_ddl | DBInstanceIdentifier | Count | ||
| Aurora_pq_request_not_chosen_update_delete_stmts | DBInstanceIdentifier | Count | ||
| SelectThroughput | DBInstanceIdentifier | Count/Second | ||
| InsertThroughput | DBInstanceIdentifier | Count/Second | ||
| Aurora_pq_request_not_chosen_column_geometry | DBInstanceIdentifier | Count | ||
| WriteLatency | The average amount of time taken per disk I/O operation. | DBInstanceIdentifier | Seconds | Applicable |
| LVMWriteIOPS | DBInstanceIdentifier | Count/Second | Applicable |
Source: aws-service-robomaker.md¶
title: AWS RoboMaker monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-robomaker scraped: 2026-02-18T05:49:08.239613
AWS RoboMaker monitoring¶
AWS RoboMaker monitoring¶
- How-to guide
- 1-min read
- Published Jul 23, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including AWS RoboMaker. You can view graphs per service instance, with a set of dimensions, and create custom graphs that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.199+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
SimulationJobId is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| Memory | The amount of Memory, in GB, used by the SimulationJob | Gigabytes | Multi | SimulationJobId | Applicable |
| RealTimeFactor | The ratio of the amount of time that was simulated versus wall clock time | Count | Multi | SimulationJobId | Applicable |
| SimulationUnit | SimulationUnit is calculated based on vCPU and memory consumption of the Simulation Job | Count | Multi | SimulationJobId | Applicable |
| SimulationUnit | Count | Sum | SimulationJobId | Applicable | |
| vCPU | The number of virtual CPU cores used by the simulation job | Count | Multi | SimulationJobId | Applicable |
Limitations¶
The vCPU, Memory, and SimulationUnit metrics are for estimation purposes. AWS RoboMaker emits metrics while preparing to run a simulation job. Charges do not accrue until the simulation job is in the Running state. For more information, see AWS documentation.
Source: aws-service-route-53-resolver.md¶
title: Amazon Route 53 Resolver monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-route-53-resolver scraped: 2026-02-17T21:33:45.287503
Amazon Route 53 Resolver monitoring¶
Amazon Route 53 Resolver monitoring¶
- How-to guide
- 2-min read
- Published Sep 08, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including Amazon Route 53 Resolver. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in a SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.201+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Route 53 is a global service; hosted zone metrics (for example, DNSQueries) are available only in the us-east-1 region. To get hosted zone metrics, credentials must have at least following permissions set for the us-east-1 region:
"ec2:DescribeAvailabilityZones""cloudwatch:GetMetricData""cloudwatch:ListMetrics"
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
EndpointId is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| EndpointHealthyENICount | The number of elastic network interfaces in the OPERATIONAL status. |
Count | Multi | EndpointId | |
| EndpointUnHealthyENICount | The number of elastic network interfaces in the AUTO_RECOVERING status. |
Count | Multi | EndpointId | |
| InboundQueryVolume | The number of DNS queries forwarded from your network to your VPCs through the endpoint specified by EndpointId (for inbound endpoints) |
Count | Sum | EndpointId | Applicable |
| InboundQueryVolume | Count | Sum | Region | Applicable | |
| InboundQueryVolume | Count | Sum | Region, RniId | ||
| OutboundQueryAggregateVolume | The total number of DNS queries forwarded from Amazon VPCs to your network (for outbound endpoints) | Count | Sum | Region | |
| OutboundQueryAggregateVolume | Count | Sum | Region, RniId | ||
| OutboundQueryAggregateVolume | Count | Sum | EndpointId | Applicable | |
| OutboundQueryVolume | The number of DNS queries forwarded from your VPCs to your network through the endpoint specified by EndpointId (for outbound endpoints) |
Count | Sum | EndpointId | Applicable |
| OutboundQueryVolume | Count | Sum | Region | Applicable |
Source: aws-service-route-53.md¶
title: Amazon Route 53 monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-route-53 scraped: 2026-02-18T05:50:17.767565
Amazon Route 53 monitoring¶
Amazon Route 53 monitoring¶
- How-to guide
- 2-min read
- Published Sep 08, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including Amazon Route 53. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in a SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.201+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Route 53 is a global service; hosted zone metrics (for example, DNSQueries) are available only in the us-east-1 region. To get hosted zone metrics, credentials must have at least the following permissions set for the us-east-1 region:
"ec2:DescribeAvailabilityZones""cloudwatch:GetMetricData""cloudwatch:ListMetrics"
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
HostedZoneId is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| ChildHealthCheckHealthyCount | The number of health checks that are healthy among the health checks that Route 53 is monitoring | Count | Sum | Region, HealthCheckId | |
| ConnectionTime | The average time, in milliseconds, that it took Route 53 health checkers to establish a TCP connection with the endpoint | Milliseconds | Multi | Region, HealthCheckId, Region | |
| ConnectionTime | Milliseconds | Multi | Region, HealthCheckId | ||
| DNSQueries | The total number of DNS queries that Route 53 responds to for a hosted zone | Count | Multi | HostedZoneId | Applicable |
| DNSQueries | Count | Sum | HostedZoneId | Applicable | |
| HealthCheckPercentageHealthy | The percentage of Route 53 health checkers that consider the selected endpoint to be healthy | Percent | Multi | Region, HealthCheckId | |
| HealthCheckStatus | The status of the health check endpoint that CloudWatch is checking. 1 indicates healthy, and 0 indicates unhealthy |
None | Multi | Region, HealthCheckId | |
| SSLHandshakeTime | The average time, in milliseconds, that it took Route 53 health checkers to complete the SSL handshake | Milliseconds | Multi | Region, HealthCheckId, Region | |
| SSLHandshakeTime | Milliseconds | Multi | Region, HealthCheckId | ||
| TimeToFirstByte | The average time, in milliseconds, that it took Route 53 health checkers to receive the first byte of the response to an HTTP or HTTPS request | Milliseconds | Multi | Region, HealthCheckId, Region | |
| TimeToFirstByte | Milliseconds | Multi | Region, HealthCheckId |
Source: aws-service-simple-workflow-service-swf.md¶
title: Amazon SWF (Simple Workflow Service) monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-simple-workflow-service-swf scraped: 2026-02-18T05:47:55.701492
Amazon SWF (Simple Workflow Service) monitoring¶
Amazon SWF (Simple Workflow Service) monitoring¶
- How-to guide
- 4-min read
- Published Sep 08, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including Amazon Simple Workflow Service (Amazon SWF). You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in a SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.201+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
Domain is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| ActivityTaskScheduleToCloseTime | The time interval, in milliseconds, between the time when the activity was scheduled and when it closed | Milliseconds | Multi | Domain, ActivityTypeName, ActivityTypeVersion | Applicable |
| ActivityTaskScheduleToStartTime | The time interval, in milliseconds, between the time when the activity task was scheduled and when it started | Milliseconds | Multi | Domain, ActivityTypeName, ActivityTypeVersion | Applicable |
| ActivityTaskStartToCloseTime | The time interval, in milliseconds, between the time when the activity task started and when it closed | Milliseconds | Multi | Domain, ActivityTypeName, ActivityTypeVersion | Applicable |
| ActivityTasksCanceled | The count of activity tasks that were canceled | Count | Sum | Domain, ActivityTypeName, ActivityTypeVersion | |
| ActivityTasksCompleted | The count of activity tasks that completed | Count | Sum | Domain, ActivityTypeName, ActivityTypeVersion | |
| ActivityTasksFailed | The count of activity tasks that failed | Count | Sum | Domain, ActivityTypeName, ActivityTypeVersion | |
| ConsumedCapacity | The count of requests per second | Count | Sum | Region, APIName | |
| ConsumedCapacity | Count | Sum | Region, DecisionName | Applicable | |
| DecisionTaskScheduleToStartTime | The time interval, in milliseconds, between the time that the decision task was scheduled and when it was picked up by a worker and started | Milliseconds | Multi | Domain, WorkflowTypeName, WorkflowTypeVersion | Applicable |
| DecisionTaskStartToCloseTime | The time interval, in milliseconds, between the time that the decision task was started and when it closed | Milliseconds | Multi | Domain, WorkflowTypeName, WorkflowTypeVersion | Applicable |
| DecisionTasksCompleted | The count of decision tasks that have been completed | Count | Sum | Domain, WorkflowTypeName, WorkflowTypeVersion | |
| PendingTasks | The count of pending tasks in a one minute interval for a specific task list | Count | Sum | Domain | |
| ProvisionedBucketSize | The count of available requests per second | Count | Minimum | Region, APIName | |
| ProvisionedBucketSize | Count | Minimum | Region, DecisionName | ||
| ProvisionedRefillRate | The count of requests per second that are allowed into the bucket | Count | Minimum | Region, APIName | |
| ProvisionedRefillRate | Count | Minimum | Region, DecisionName | ||
| ScheduledActivityTasksTimedOutOnClose | The count of activity tasks that were scheduled but timed out on close | Count | Sum | Domain, ActivityTypeName, ActivityTypeVersion | |
| ScheduledActivityTasksTimedOutOnStart | The count of activity tasks that were scheduled but timed out on start | Count | Sum | Domain, ActivityTypeName, ActivityTypeVersion | |
| StartedActivityTasksTimedOutOnClose | The count of activity tasks that were started but timed out on close | Count | Sum | Domain, ActivityTypeName, ActivityTypeVersion | |
| StartedActivityTasksTimedOutOnHeartbeat | The count of activity tasks that were started but timed out due to a heartbeat timeout | Count | Sum | Domain, ActivityTypeName, ActivityTypeVersion | |
| StartedDecisionTasksTimedOutOnClose | The count of decision tasks that started but timed out on closing | Count | Sum | Domain, WorkflowTypeName, WorkflowTypeVersion | |
| ThrottledEvents | The count of requests that have been throttled | Count | Sum | Region, APIName | |
| ThrottledEvents | Count | Sum | Region, DecisionName | Applicable | |
| WorkflowStartToCloseTime | The time, in milliseconds, between the time the workflow started and when it closed | Milliseconds | Multi | Domain, WorkflowTypeName, WorkflowTypeVersion | Applicable |
| WorkflowsCanceled | The count of workflows that were canceled | Count | Sum | Domain, WorkflowTypeName, WorkflowTypeVersion | Applicable |
| WorkflowsCompleted | The count of workflows that completed | Count | Sum | Domain, WorkflowTypeName, WorkflowTypeVersion | Applicable |
| WorkflowsContinuedAsNew | The count of workflows that continued as new | Count | Sum | Domain, WorkflowTypeName, WorkflowTypeVersion | Applicable |
| WorkflowsFailed | The count of workflows that failed | Count | Sum | Domain, WorkflowTypeName, WorkflowTypeVersion | Applicable |
| WorkflowsTerminated | The count of workflows that were terminated | Count | Sum | Domain, WorkflowTypeName, WorkflowTypeVersion | Applicable |
| WorkflowsTimedOut | The count of workflows that timed out, for any reason | Count | Sum | Domain, WorkflowTypeName, WorkflowTypeVersion | Applicable |
Source: aws-service-site-to-site-vpn.md¶
title: AWS Site-to-Site VPN monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-site-to-site-vpn scraped: 2026-02-18T05:57:28.938832
AWS Site-to-Site VPN monitoring¶
AWS Site-to-Site VPN monitoring¶
- How-to guide
- 1-min read
- Published Jul 23, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including AWS Site-to-Site VPN. You can view graphs per service instance, with a set of dimensions, and create custom graphs that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.199+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
VpnId is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| TunnelDataIn | The bytes received through the VPN tunnel | Bytes | Sum | VpnId | Applicable |
| TunnelDataIn | Bytes | Sum | Region | Applicable | |
| TunnelDataIn | Bytes | Sum | Region, TunnelIpAddress | ||
| TunnelDataOut | The bytes sent through the VPN tunnel | Bytes | Sum | VpnId | Applicable |
| TunnelDataOut | Bytes | Sum | Region | Applicable | |
| TunnelDataOut | Bytes | Sum | Region, TunnelIpAddress | ||
| TunnelState | The state of the tunnel. For static VPNs, 0 indicates DOWN and 1 indicates UP. For BGP VPNs, 1 indicates ESTABLISHED and 0 is used for all other states | Count | Multi | Region | Applicable |
| TunnelState | Count | Multi | Region, TunnelIpAddress | ||
| TunnelState | Count | Multi | VpnId | Applicable |
Source: aws-service-step-functions.md¶
title: AWS Step Functions monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-step-functions scraped: 2026-02-17T21:32:42.621070
AWS Step Functions monitoring¶
AWS Step Functions monitoring¶
- How-to guide
- 5-min read
- Published Jul 06, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including AWS Step Functions. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.200+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| ActivitiesFailed | The number of failed activities | Count | Sum | Region, ActivityArn | Applicable |
| ActivitiesHeartbeatTimedOut | The number of activities that time out due to a heartbeat timeout | Count | Sum | Region, ActivityArn | Applicable |
| ActivitiesScheduled | The number of scheduled activities | Count | Sum | Region, ActivityArn | Applicable |
| ActivitiesStarted | The number of started activities | Count | Sum | Region, ActivityArn | |
| ActivitiesSucceeded | The number of successfully completed activities | Count | Sum | Region, ActivityArn | Applicable |
| ActivitiesTimedOut | The number of activities that time out on close | Count | Sum | Region, ActivityArn | Applicable |
| ActivityRunTime | The interval, in milliseconds, between the time the activity starts and the time it closes | Milliseconds | Multi | Region, ActivityArn | Applicable |
| ActivityScheduleTime | The interval, in milliseconds, for which the activity stays in the schedule state | Milliseconds | Multi | Region, ActivityArn | |
| ActivityTime | The interval, in milliseconds, between the time the activity is scheduled and the time it closes | Milliseconds | Multi | Region, ActivityArn | |
| ConsumedCapacity | The count of requests per second | Count | Sum | Region, ServiceMetric | Applicable |
| ConsumedCapacity | Count | Sum | Region, APIName | Applicable | |
| ExecutionThrottled | The number of StateEntered events and retries that have been throttled | Count | Sum | Region, StateMachineArn | Applicable |
| ExecutionTime | The interval, in milliseconds, between the time the execution starts and the time it closes | Milliseconds | Multi | Region, StateMachineArn | Applicable |
| ExecutionsAborted | The number of aborted or terminated executions | Count | Sum | Region, StateMachineArn | Applicable |
| ExecutionsFailed | The number of failed executions | Count | Sum | Region, StateMachineArn | Applicable |
| ExecutionsStarted | The number of started executions | Count | Sum | Region, StateMachineArn | Applicable |
| ExecutionsSucceeded | The number of successfully completed executions | Count | Sum | Region, StateMachineArn | Applicable |
| ExecutionsTimedOut | The number of executions that time out for any reason | Count | Sum | Region, StateMachineArn | Applicable |
| LambdaFunctionRunTime | The interval, in milliseconds, between the time the Lambda function starts and the time it closes | Milliseconds | Multi | Region, LambdaFunctionArn | Applicable |
| LambdaFunctionScheduleTime | The interval, in milliseconds, for which the Lambda function stays in the schedule state | Milliseconds | Multi | Region, LambdaFunctionArn | |
| LambdaFunctionTime | The interval, in milliseconds, between the time the Lambda function is scheduled and the time it closes | Milliseconds | Multi | Region, LambdaFunctionArn | |
| LambdaFunctionsFailed | The number of failed Lambda functions | Count | Sum | Region, LambdaFunctionArn | Applicable |
| LambdaFunctionsScheduled | The number of scheduled Lambda functions | Count | Sum | Region, LambdaFunctionArn | Applicable |
| LambdaFunctionsStarted | The number of started Lambda functions | Count | Sum | Region, LambdaFunctionArn | |
| LambdaFunctionsSucceeded | The number of successfully completed Lambda functions | Count | Sum | Region, LambdaFunctionArn | Applicable |
| LambdaFunctionsTimedOut | The number of Lambda functions that time out on close | Count | Sum | Region, LambdaFunctionArn | Applicable |
| ProvisionedBucketSize | The count of available requests per second | Count | Multi | Region, ServiceMetric | |
| ProvisionedBucketSize | Count | Multi | Region, APIName | ||
| ProvisionedRefillRate | The count of requests per second that are allowed into the bucket | Count | Multi | Region, ServiceMetric | |
| ProvisionedRefillRate | Count | Multi | Region, APIName | ||
| ServiceIntegrationRunTime | The interval, in milliseconds, between the time the service task starts and the time it closes | Milliseconds | Multi | Region, ServiceIntegrationResourceArn | Applicable |
| ServiceIntegrationScheduleTime | The interval, in milliseconds, for which the service task stays in the schedule state | Milliseconds | Multi | Region, ServiceIntegrationResourceArn | |
| ServiceIntegrationTime | The interval, in milliseconds, between the time the service task is scheduled and the time it closes | Milliseconds | Multi | Region, ServiceIntegrationResourceArn | |
| ServiceIntegrationsFailed | The number of failed service tasks | Count | Sum | Region, ServiceIntegrationResourceArn | Applicable |
| ServiceIntegrationsScheduled | The number of scheduled service tasks. | Count | Sum | Region, ServiceIntegrationResourceArn | Applicable |
| ServiceIntegrationsStarted | The number of started service tasks | Count | Sum | Region, ServiceIntegrationResourceArn | |
| ServiceIntegrationsSucceeded | The number of successfully completed service tasks | Count | Sum | Region, ServiceIntegrationResourceArn | Applicable |
| ServiceIntegrationsTimedOut | The number of service tasks that time out on close | Count | Sum | Region, ServiceIntegrationResourceArn | Applicable |
| ThrottledEvents | The count of requests that have been throttled | Count | Sum | Region, ServiceMetric | Applicable |
| ThrottledEvents | Count | Sum | Region, APIName | Applicable |
Limitations¶
Dynatrace gathers metrics for AWS Step Functions at the custom device group level instead of the custom device level (metrics are service-wide).
Source: aws-service-storage-gateway.md¶
title: AWS Storage Gateway monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-storage-gateway scraped: 2026-02-15T09:13:09.758595
AWS Storage Gateway monitoring¶
AWS Storage Gateway monitoring¶
- How-to guide
- 6-min read
- Published Jul 06, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including AWS Storage Gateway. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.200+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
GatewayName is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| CacheFree | The total number of bytes available in the gateway's cache storage | Bytes | Sum | GatewayName, GatewayId | Applicable |
| CacheHitPercent | Percentage of application reads served from the cache | Percent | Multi | Region, ShareId | Applicable |
| CacheHitPercent | Percent | Multi | Region, VolumeId | Applicable | |
| CacheHitPercent | Percent | Multi | GatewayName, GatewayId | Applicable | |
| CachePercentDirty | Percentage of the cache that is dirtyâthat is, it contains content that has not been uploaded to AWS | Percent | Multi | Region, ShareId | Applicable |
| CachePercentDirty | Percent | Multi | Region, VolumeId | Applicable | |
| CachePercentDirty | Percent | Multi | GatewayName, GatewayId | Applicable | |
| CachePercentUsed | Percentage of the gateway's cache storage being used | Percent | Multi | Region, ShareId | Applicable |
| CachePercentUsed | Percent | Multi | Region, VolumeId | Applicable | |
| CachePercentUsed | Percent | Multi | GatewayName, GatewayId | Applicable | |
| CacheUsed | The total number of bytes being used in the gateway's cache storage | Bytes | Sum | GatewayName, GatewayId | Applicable |
| CloudBytesDownloaded | The total number of bytes that the gateway sent to the cloud during the reporting period. This metric includes the activity of all the volumes on the gateway. | Bytes | Sum | Region, ShareId | Applicable |
| CloudBytesDownloaded | Bytes | Count | Region, ShareId | ||
| CloudBytesDownloaded | Bytes | Sum | GatewayName, GatewayId | Applicable | |
| CloudBytesDownloaded | Bytes | Count | GatewayName, GatewayId | ||
| CloudBytesUploaded | The total number of bytes that the gateway sent to the cloud during the reporting period | Bytes | Sum | Region, ShareId | Applicable |
| CloudBytesUploaded | Bytes | Count | Region, ShareId | ||
| CloudBytesUploaded | Bytes | Sum | GatewayName, GatewayId | ||
| CloudBytesUploaded | Bytes | Count | GatewayName, GatewayId | ||
| CloudDownloadLatency | The latency in downloading the data from the cloud to the gateway | Milliseconds | Multi | GatewayName, GatewayId | |
| IndexFetches | The number of files for which metadata was fetched | Count | Sum | Region, ShareId | Applicable |
| IndexFetches | Count | Sum | GatewayName, GatewayId | Applicable | |
| IoWaitPercent | Percentage of time that the gateway is waiting on a response from the local disk | Percent | Multi | GatewayName | Applicable |
| MemTotalBytes | Amount of RAM provisioned to the gateway VM, in bytes | Bytes | Sum | GatewayName | Applicable |
| MemUsedBytes | Amount of RAM currently in use by the gateway VM, in bytes | Bytes | Sum | GatewayName | Applicable |
| NfsSessions | The number of NFS session that are active on the gateway | Count | Sum | GatewayName | Applicable |
| QueuedWrites | The number of bytes waiting to be written to AWS, sampled at the end of the reporting period for all volumes in the gateway | Bytes | Sum | Region, VolumeId | Applicable |
| QueuedWrites | Bytes | Sum | GatewayName, GatewayId | Applicable | |
| ReadBytes | The total number of bytes read from your on-premises applications in the reporting period for all volumes in the gateway | Bytes | Sum | Region, VolumeId | Applicable |
| ReadBytes | Bytes | Count | Region, VolumeId | ||
| ReadBytes | Bytes | Sum | GatewayName, GatewayId | Applicable | |
| ReadBytes | Bytes | Count | GatewayName, GatewayId | ||
| ReadTime | The total number of milliseconds spent on read operations from your on-premises applications in the reporting period for all volumes in the gateway | Milliseconds | Multi | Region, VolumeId | Applicable |
| ReadTime | Milliseconds | Multi | GatewayNam, GatewayIde | Applicable | |
| SmbV1Sessions | The number of Server Message Block (SMB) version 1 sessions that are active on the gateway | Count | Sum | GatewayName | |
| SmbV2Sessions | The number of SMB version 2 sessions that are active on the gateway | Count | Sum | GatewayName | |
| SmbV3Sessions | The number of SMB version 3 sessions that are active on the gateway | Count | Sum | GatewayName | |
| TimeSinceLastRecoveryPoint | The time since the last available recovery point | Seconds | Multi | Region, VolumeId | Applicable |
| TimeSinceLastRecoveryPoint | Seconds | Multi | GatewayName, GatewayId | ||
| TotalCacheSize | The total size of the cache in bytes | Bytes | Sum | GatewayName, GatewayId | Applicable |
| UploadBufferFree | Bytes | Sum | GatewayName, GatewayId | Applicable | |
| UploadBufferPercentUsed | Percentage of the gateway's upload buffer used | Percent | Multi | GatewayName, GatewayId | Applicable |
| UploadBufferUsed | The total number of bytes being used in the gateway's upload buffer | Bytes | Sum | GatewayName, GatewayId | Applicable |
| UserCpuPercent | Percentage of CPU time spent on gateway processing, averaged across all cores | Percent | Multi | GatewayName | |
| WorkingStorageFree | The total amount of unused space in the gateway's working storage | Bytes | Sum | GatewayName, GatewayId | Applicable |
| WorkingStoragePercentUsed | Percentage of the gateway's upload buffer used | Percent | Multi | GatewayName, GatewayId | Applicable |
| WorkingStorageUsed | The total number of bytes being used in the gateway's upload buffer | Bytes | Sum | GatewayName, GatewayId | Applicable |
| WriteBytes | The total number of bytes written to your on-premises applications in the reporting period for all volumes in the gateway | Bytes | Sum | Region, VolumeId | Applicable |
| WriteBytes | Bytes | Count | Region, VolumeId | ||
| WriteBytes | Bytes | Sum | GatewayName, GatewayId | Applicable | |
| WriteBytes | Bytes | Count | GatewayName, GatewayId | ||
| WriteTime | The total number of milliseconds spent on write operations from your on-premises applications in the reporting period for all volumes in the gateway | Milliseconds | Multi | Region, VolumeId | Applicable |
| WriteTime | Milliseconds | Multi | GatewayName, GatewayId | Applicable |
Source: aws-service-systems-manager-run-command.md¶
title: AWS Systems Manager Run Command monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-systems-manager-run-command scraped: 2026-02-18T05:50:40.467252
AWS Systems Manager Run Command monitoring¶
AWS Systems Manager Run Command monitoring¶
- How-to guide
- 1-min read
- Published Sep 08, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including AWS Systems Manager Run Command. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in a SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.201+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| CommandsDeliveryTimedOut | The number of commands that have a terminal status of Delivery Timed Out |
Count | Sum | Region | Applicable |
| CommandsFailed | The number of commands that have a terminal status of Failed |
Count | Sum | Region | Applicable |
| CommandsSucceeded | The number of commands that have a terminal status of Success |
Count | Sum | Region | Applicable |
Source: aws-service-transfer-family.md¶
title: AWS Transfer Family monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-transfer-family scraped: 2026-02-18T05:50:41.895522
AWS Transfer Family monitoring¶
AWS Transfer Family monitoring¶
- How-to guide
- 1-min read
- Published Jul 06, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including AWS Transfer Family. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.200+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
ServerId is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| BytesIn | The total number of bytes transferred into the server | Bytes | Sum | ServerId | Applicable |
| BytesOut | The total number of bytes transferred out of the server | Bytes | Sum | ServerId | Applicable |
Source: aws-service-transit-gateway.md¶
title: AWS Transit Gateway monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-transit-gateway scraped: 2026-02-18T05:44:29.323907
AWS Transit Gateway monitoring¶
AWS Transit Gateway monitoring¶
- How-to guide
- 3-min read
- Published Sep 08, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including AWS Transit Gateway. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in a SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.201+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
TransitGateway is a cross-account service, meaning multiple accounts may monitor one TransitGateway. Dynatrace keeps metrics separate for each monitored account that monitors the same TransitGateway instance.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
TransitGateway is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| BytesDropCountBlackhole | The number of bytes dropped because they matched a black hole route | Count | Sum | TransitGateway, TransitGatewayAttachment | |
| BytesDropCountBlackhole | Count | Sum | TransitGateway | Applicable | |
| BytesDropCountNoRoute | The number of bytes dropped because they did not match a route | Count | Sum | TransitGateway, TransitGatewayAttachment | |
| BytesDropCountNoRoute | Count | Sum | TransitGateway | Applicable | |
| BytesIn | The number of bytes received by the transit gateway | Bytes | Sum | TransitGateway, TransitGatewayAttachment | |
| BytesIn | Bytes | Sum | TransitGateway | Applicable | |
| BytesOut | The number of packets sent by the transit gateway | Bytes | Sum | TransitGateway, TransitGatewayAttachment | |
| BytesOut | Bytes | Sum | TransitGateway | Applicable | |
| IGMPJoins | The number of IGMP Join messages received by the transit gateway |
Count | Sum | TransitGateway, TransitGatewayAttachment | |
| IGMPQueries | The number of IGMP Query messages received by the transit gateway |
Count | Sum | TransitGateway, TransitGatewayAttachment | |
| IGMPReceives | The number of IGMP Leave messages received by the transit gateway |
Count | Sum | TransitGateway, TransitGatewayAttachment | |
| MulticastBytesIn | The number of multicast bytes received by the transit gateway | Bytes | Sum | TransitGateway, TransitGatewayAttachment | |
| MulticastBytesOut | The number of multicast bytes sent from the transit gateway | Bytes | Sum | TransitGateway, TransitGatewayAttachment | |
| MulticastPacketDropCount | The number of multicast packets dropped | Count | Sum | TransitGateway, TransitGatewayAttachment | |
| MulticastPacketsIn | The number of multicast packets received by the transit gateway | Count | Sum | TransitGateway, TransitGatewayAttachment | |
| MulticastPacketsOut | The number of multicast packets sent by the transit gateway | Count | Sum | TransitGateway, TransitGatewayAttachment | |
| NumberofMulticastDomains | The number of multicast domains configured on the transit gateway | Count | Sum | TransitGateway | |
| NumberofMulticastGroupMembers | The number of multicast group members configured on the transit gateway | Count | Sum | TransitGateway | |
| PacketDropCountBlackhole | The number of packets dropped because they matched a black hole route | Count | Sum | TransitGateway, TransitGatewayAttachment | |
| PacketDropCountBlackhole | Count | Sum | TransitGateway | Applicable | |
| PacketDropCountNoRoute | The number of packets dropped because they did not match a route | Count | Sum | TransitGateway, TransitGatewayAttachment | |
| PacketDropCountNoRoute | Count | Sum | TransitGateway | Applicable | |
| PacketsIn | The number of packets received by the transit gateway | Count | Sum | TransitGateway, TransitGatewayAttachment | |
| PacketsIn | Count | Sum | TransitGateway | Applicable | |
| PacketsOut | The number of packets sent by the transit gateway | Count | Sum | TransitGateway, TransitGatewayAttachment | |
| PacketsOut | Count | Sum | TransitGateway | Applicable |
Source: aws-service-waf-classic.md¶
title: AWS WAF Classic monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-waf-classic scraped: 2026-02-18T05:55:25.629054
AWS WAF Classic monitoring¶
AWS WAF Classic monitoring¶
- How-to guide
- 2-min read
- Published Jul 06, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including AWS WAF Classic. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.200+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
WebACL is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| AllowedRequests | The number of allowed web requests | Count | Sum | WebACL, Region, Rule | Applicable |
| AllowedRequests | Count | Sum | WebACL, Region, RuleGroup | Applicable | |
| AllowedRequests | Count | Sum | Region, Rule, RuleGroup | Applicable | |
| AllowedRequests | Count | Sum | WebACL, Rule | Applicable | |
| AllowedRequests | Count | Sum | WebACL, RuleGroup | Applicable | |
| BlockedRequests | The number of blocked web requests | Count | Sum | WebACL, Region, Rule | Applicable |
| BlockedRequests | Count | Sum | WebACL, Region, RuleGroup | Applicable | |
| BlockedRequests | Count | Sum | Region, Rule, RuleGroup | Applicable | |
| BlockedRequests | Count | Sum | WebACL, Rule | Applicable | |
| BlockedRequests | Count | Sum | WebACL, RuleGroup | Applicable | |
| CountedRequests | The number of counted web requests | Count | Sum | WebACL, Region, Rule | Applicable |
| CountedRequests | Count | Sum | WebACL, Region, RuleGroup | Applicable | |
| CountedRequests | Count | Sum | Region, Rule, RuleGroup | Applicable | |
| CountedRequests | Count | Sum | WebACL, Rule | Applicable | |
| CountedRequests | Count | Sum | WebACL, RuleGroup | Applicable | |
| PassedRequests | The number of passed requests for a rule group | Count | Sum | WebACL, Region, Rule | Applicable |
| PassedRequests | Count | Sum | WebACL, Region, RuleGroup | Applicable | |
| PassedRequests | Count | Sum | Region, Rule, RuleGroup | Applicable | |
| PassedRequests | Count | Sum | WebACL, Rule | Applicable | |
| PassedRequests | Count | Sum | WebACL, RuleGroup | Applicable |
Limitations¶
Dynatrace entities of this AWS service are not enriched with the ARN property.
Source: aws-service-workmail.md¶
title: Amazon WorkMail monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-workmail scraped: 2026-02-17T21:27:56.912046
Amazon WorkMail monitoring¶
Amazon WorkMail monitoring¶
- How-to guide
- 1-min read
- Published Jul 06, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including Amazon WorkMail. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.200+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
OrganizationId is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| IncomingEmailBounced | The number of incoming emails that bounced due to full or nonexistent mailboxes | Count | Sum | OrganizationId | Applicable |
| MailboxEmailDelivered | The number of emails delivered to individual mailboxes in your Amazon WorkMail organization | Count | Sum | OrganizationId | Applicable |
| OrganizationEmailReceived | The number of emails received by your Amazon WorkMail organization | Count | Sum | OrganizationId | Applicable |
| OutgoingEmailBounced | The number of outgoing emails that could not be delivered, counted for each intended recipient | Count | Sum | OrganizationId | Applicable |
| OutgoingEmailSent | The number of emails successfully sent from your Amazon WorkMail organization | Count | Sum | OrganizationId | Applicable |
Source: aws-service-workspaces.md¶
title: Amazon WorkSpaces monitoring source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services/aws-service-workspaces scraped: 2026-02-18T05:46:30.107558
Amazon WorkSpaces monitoring¶
Amazon WorkSpaces monitoring¶
- How-to guide
- 2-min read
- Published Jul 06, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including Amazon WorkSpaces. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.200+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
WorkspaceId is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| Available | The number of WorkSpaces that returned a healthy status | Count | Sum | WorkspaceId | Applicable |
| Available | Count | Sum | Region, DirectoryId | Applicable | |
| ConnectionAttempt | The number of connection attempts | Count | Sum | WorkspaceId | Applicable |
| ConnectionAttempt | Count | Sum | Region, DirectoryId | Applicable | |
| ConnectionFailure | The number of failed connections | Count | Sum | WorkspaceId | Applicable |
| ConnectionFailure | Count | Sum | Region, DirectoryId | Applicable | |
| ConnectionSuccess | The number of successful connections | Count | Sum | WorkspaceId | Applicable |
| ConnectionSuccess | Count | Sum | Region, DirectoryId | Applicable | |
| InSessionLatency | The round-trip time (RTT) between the WorkSpaces client and the WorkSpace | Milliseconds | Multi | WorkspaceId | Applicable |
| InSessionLatency | Milliseconds | Multi | Region, DirectoryId | Applicable | |
| Maintenance | The number of WorkSpaces that are under maintenance | Count | Sum | WorkspaceId | Applicable |
| Maintenance | Count | Sum | Region, DirectoryId | Applicable | |
| SessionDisconnect | The number of connections that were closed, including user-initiated and failed connections | Count | Sum | WorkspaceId | Applicable |
| SessionDisconnect | Count | Sum | Region, DirectoryId | Applicable | |
| SessionLaunchTime | The amount of time it takes to initiate a WorkSpaces session | Seconds | Multi | WorkspaceId | Applicable |
| SessionLaunchTime | Seconds | Multi | Region, DirectoryId | Applicable | |
| Stopped | The number of WorkSpaces that are stopped | Count | Sum | WorkspaceId | Applicable |
| Stopped | Count | Sum | Region, DirectoryId | Applicable | |
| Unhealthy | The number of WorkSpaces that returned an unhealthy status | Count | Sum | WorkspaceId | Applicable |
| Unhealthy | Count | Sum | Region, DirectoryId | Applicable | |
| UserConnected | The number of WorkSpaces that have a user connected | Count | Sum | WorkspaceId | |
| UserConnected | Count | Sum | Region, DirectoryId | Applicable |
Source: aws-all-services.md¶
title: All AWS cloud services source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-all-services scraped: 2026-02-18T05:40:05.281632
All AWS cloud services¶
All AWS cloud services¶
- Overview
- 12-min read
- Updated on Feb 12, 2024
ActiveGate version 1.245+
With AWS monitoring integration, classic (formerly "built-in") services are monitored out-of-the-box. You can also monitor other AWS services that influence the performance of your AWS-hosted applications.
You can receive Amazon CloudWatch metrics for multiple predefined services. You can view graphs per service instance, with a set of dimensions, and create custom graphs that you can pin to your dashboards. You can reduce your CloudWatch costs and throttling by selecting which additional services to monitor. Additionally, for non-classic services, you can choose which metrics you want to monitor.
AWS cloud services monitored by default¶
As a result of AWS monitoring integration, some services are monitored out-of-the-box. Such services are marked as classic.
Amazon Dynamo Database (classic) Amazon EC2 (classic) Amazon EC2 Auto Scaling (classic) AWS Lambda (classic) AWS Application and Network Load Balancer (classic) Elastic Load Balancer (classic) Amazon S3 (classic) Amazon RDS (classic) Amazon EBS (classic)
For information about differences between classic services and other services, see Migrate from AWS classic (formerly 'built-in') services to cloud services.
Other AWS cloud services¶
In addition to cloud services monitored by default, you can monitor other AWS services that affect the performance of your AWS-hosted applications.
Amazon DynamoDB Amazon EBS AWS Lambda Amazon RDS AWS Certificate Manager Private Certificate Authority (ACM PCA) Amazon API Gateway Amazon AppStream 2.0 AWS AppSync AWS App Runner Amazon Athena Amazon Aurora AWS Billing AWS Chatbot Amazon CloudFront AWS CloudHSM (V2) Amazon CloudSearch Amazon CloudWatch Logs AWS API Usage AWS CodeBuild Amazon Cognito Amazon Connect AWS Database Migration Service (AWS DMS) AWS DataSync AWS Direct Connect Amazon DocumentDB Amazon DynamoDB Accelerator (DAX) Amazon EC2 API Amazon EC2 Auto Scaling Amazon EC2 Spot Fleet Amazon ECS Container Insights Amazon ElastiCache AWS Elastic Beanstalk Amazon Elastic Container Service (ECS) Amazon Elastic File System (EFS) Amazon Elastic Inference Amazon Elastic Kubernetes Service (EKS) Amazon Elastic MapReduce (EMR) Amazon Elasticsearch Service (ES) Amazon Elastic Transcoder AWS Elemental MediaConnect AWS Elemental MediaConvert AWS Elemental MediaPackage AWS Elemental MediaTailor Amazon EventBridge Amazon FSx Amazon GameLift AWS Glue Amazon Inspector AWS IoT AWS IoT Analytics AWS IoT Things Graph Amazon Keyspaces (Cassandra) Amazon Kinesis Amazon Lex Amazon MSK (Kafka) Amazon MQ Amazon Neptune AWS OpsWorks Amazon Polly Amazon QLDB Amazon Redshift Amazon Rekognition AWS RoboMaker Amazon Route 53 Amazon Route 53 Resolver Amazon SageMaker AWS Service Catalog Amazon Simple Email Service (SES) Amazon Simple Notification Service (SNS) Amazon Simple Queue Service (SQS) Amazon Simple Storage Service (S3) Amazon Simple Workflow Service (SWF) AWS Step Functions AWS Storage Gateway AWS Systems Manager Run Command Amazon Textract AWS Transfer Family AWS Transit Gateway Amazon Translate AWS Trusted Advisor Amazon VPC NAT Gateways AWS Site-to-Site VPN AWS WAF Classic AWS WAF Amazon WorkMail Amazon WorkSpaces
Cloud services with their respective Dynatrace entity types¶
Not all cloud services have Dynatrace entities created for them and can have tags imported from the cloud. Expand the table below to see cloud services with their respective Dynatrace entity types and to check if they have tags imported from the cloud provider.
List of AWS services with entities and tags¶
For each non-built-in service, the CUSTOM_DEVICE dimension is generated based on the main dimension
| Service | Cloud instance | Tag monitoring and filtering | Dynatrace entity type |
|---|---|---|---|
| Amazon EC2 Auto Scaling (built-in) | AutoScalingGroupName | Applicable | AUTO_SCALING_GROUP |
| AWS Lambda (built-in) | FunctionName | Applicable | AWS_LAMBDA_FUNCTION |
| Amazon Application and Network Load Balancer (built-in) | LoadBalancer | Applicable | AWS_APPLICATION_LOAD_BALANCER |
| Amazon Application and Network Load Balancer (built-in) | LoadBalancer | Applicable | AWS_NETWORK_LOAD_BALANCER |
| Amazon EBS (built-in) | VolumeId | Applicable | EBS_VOLUME |
| Amazon EC2 (built-in) | InstanceId | Applicable | EC2_INSTANCE |
| Amazon Elastic Load Balancer (ELB) (built-in) | LoadBalancerName | Applicable | ELASTIC_LOAD_BALANCER |
| Amazon RDS (built-in) | DBInstanceIdentifier | Applicable | RELATIONAL_DATABASE_SERVICE |
| AWS Certificate Manager Private Certificate Authority | PrivateCAArn | Applicable | cloud:aws:acmprivateca |
| Amazon API Gateway | ApiName | Applicable | cloud:aws:api_gateway |
| AWS App Runner | ServiceName | Applicable | cloud:aws:app_runner |
| Amazon AppStream | Fleet | Applicable | cloud:aws:appstream |
| AWS AppSync | GraphQLAPIId | Applicable | cloud:aws:appsync |
| Amazon Athena | WorkGroup | Applicable | cloud:aws:athena |
| Amazon Aurora | DBClusterIdentifier | Applicable | cloud:aws:aurora |
| Amazon EC2 Auto Scaling | AutoScalingGroupName | - | cloud:aws:autoscaling |
| Amazon CloudFront | DistributionId | Applicable | cloud:aws:cloud_front |
| AWS CloudHSM | ClusterId | Applicable | cloud:aws:cloudhsm |
| Amazon CloudSearch | DomainName | - | cloud:aws:cloudsearch |
| AWS CodeBuild | ProjectName | Applicable | cloud:aws:codebuild |
| AWS DataSync | TaskId | Applicable | cloud:aws:datasync |
| Amazon DynamoDB Accelerator (DAX) | ClusterId | Applicable | cloud:aws:dax |
| AWS Database Migration Service (AWS DMS) | ReplicationInstanceIdentifier | Applicable | cloud:aws:dms |
| Amazon DocumentDB | DBClusterIdentifier | Applicable | cloud:aws:documentdb |
| AWS Direct Connect | ConnectionId | Applicable | cloud:aws:dxcon |
| Amazon DynamoDB | TableName | Applicable | cloud:aws:dynamodb |
| Amazon EBS | VolumeId | Applicable | cloud:aws:ebs |
| Amazon EC2 Spot Fleet | FleetRequestId | - | cloud:aws:ec2_spot |
| Amazon Elastic Container Service (ECS) | ClusterName | Applicable | cloud:aws:ecs |
| Amazon ECS Container Insights | ClusterName | Applicable | cloud:aws:ecs:cluster |
| Amazon Elastic File System (EFS) | FileSystemId | Applicable | cloud:aws:efs |
| Amazon Elastic Kubernetes Service (EKS) | ClusterName | Applicable | cloud:aws:eks:cluster |
| Amazon ElastiCache (EC) | CacheClusterId | Applicable | cloud:aws:elasticache |
| AWS Elastic Beanstalk | EnvironmentName | Applicable | cloud:aws:elasticbeanstalk |
| Amazon Elastic Transcoder | PipelineId | - | cloud:aws:elastictranscoder |
| Amazon Elasticsearch Service (ES) | DomainName | Applicable | cloud:aws:es |
| Amazon EventBridge | EventBusName | Applicable | cloud:aws:events |
| Amazon FSx | FileSystemId | Applicable | cloud:aws:fsx |
| Amazon GameLift | FleetId | - | cloud:aws:gamelift |
| AWS Glue | JobName | Applicable | cloud:aws:glue |
| Amazon Inspector | AssessmentTemplateArn | Applicable | cloud:aws:inspector |
| Amazon Managed Streaming for Kafka | Cluster Name | Applicable | cloud:aws:kafka |
| AWS Lambda | FunctionName | Applicable | cloud:aws:lambda |
| Amazon Lex | BotName | Applicable | cloud:aws:lex |
| Amazon CloudWatch Logs | LogGroupName | Applicable | cloud:aws:logs |
| AWS Elemental MediaTailor | ConfigurationName | Applicable | cloud:aws:media_tailor |
| AWS Elemental MediaConnect | FlowARN | - | cloud:aws:mediaconnect |
| AWS Elemental MediaPackage Live | Channel | Applicable | cloud:aws:mediapackagelive |
| AWS Elemental MediaPackage Video on Demand | PackagingConfiguration | Applicable | cloud:aws:mediapackagevod |
| Amazon VPC NAT Gateways | NatGatewayId | Applicable | cloud:aws:nat_gateway |
| Amazon Neptune | DBClusterIdentifier | Applicable | cloud:aws:neptune |
| AWS OpsWorks | StackId | Applicable | cloud:aws:opsworks |
| Amazon QLDB | LedgerName | Applicable | cloud:aws:qldb |
| Amazon RDS | DBInstanceIdentifier | Applicable | cloud:aws:rds |
| Amazon Redshift | ClusterIdentifier | Applicable | cloud:aws:redshift |
| AWS RoboMaker | SimulationJobId | Applicable | cloud:aws:robomaker |
| Amazon Route 53 | HostedZoneId | Applicable | cloud:aws:route53 |
| Amazon Route 53 Resolver | EndpointId | Applicable | cloud:aws:route53resolver |
| Amazon SageMaker Endpoints | EndpointName | Applicable | cloud:aws:sage_maker:endpoint |
| Amazon SageMaker Endpoint Instances | EndpointName | Applicable | cloud:aws:sage_maker:endpoint_instance |
| Amazon Simple Notification Service (SNS) | TopicName | Applicable | cloud:aws:sns |
| Amazon Simple Queue Service (SQS) | QueueName | Applicable | cloud:aws:sqs |
| AWS Storage Gateway | GatewayName | Applicable | cloud:aws:storagegateway |
| Amazon SWF | Domain | - | cloud:aws:swf |
| AWS Transfer Family | ServerId | Applicable | cloud:aws:transfer |
| AWS Transit Gateway | TransitGateway | Applicable | cloud:aws:transitgateway |
| AWS Site-to-Site VPN | VpnId | Applicable | cloud:aws:vpn |
| Amazon WorkMail | OrganizationId | Applicable | cloud:aws:workmail |
| Amazon WorkSpaces | WorkspaceId | Applicable | cloud:aws:workspaces |
Configuration API¶
To list all AWS-supported services on your cluster by the current version, use the AWS-supported services API.
Monitoring consumption¶
As of 2021, all cloud services consume DDUs. The amount of DDU consumption per service instance depends on the number of monitored metrics and their dimensions (each metric dimension results in the ingestion of 1 data point; 1 data point consumes 0.001 DDUs).
Source: aws-log-forwarder.md¶
title: Log monitoring with AWS log forwarder source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/aws-logs-ingest/aws-log-forwarder scraped: 2026-02-17T05:04:39.407391
Log monitoring with AWS log forwarder¶
Log monitoring with AWS log forwarder¶
- How-to guide
- 13-min read
- Updated on May 08, 2024
- Deprecated
Deprecation and end of support for AWS log forwarder
The Dynatrace AWS log forwarder is now deprecated in favor of the new Stream logs via Amazon Data Firehose, which allows ingesting cloud logs directly without any additional infrastructure and with increased throughput. To check the available alternative integrations, see Set up Dynatrace on Amazon Web Services.
End of support for the Dynatrace AWS log forwarder is planned for Dec 31, 2024.
DDU consumption for Log Monitoring
DDU pricing applies to cloud Log Monitoring. See DDUs for Log Monitoring for details.
AWS log forwarding allows you to stream logs from Amazon CloudWatch into Dynatrace logs via an ActiveGate.
Resources needed¶
To enable AWS log forwarding, you need to deploy our special-purpose CloudFormation stack into your AWS account. The stack consists of a Kinesis Firehose instance and a Lambda function. These resources incur AWS costs according to standard AWS billing policy. The same applies to included self-monitoring resources (CloudWatch dashboards and metrics).
Supported services
| Service name | CloudWatch log forwarding | Log enrichment | Entity linking |
|---|---|---|---|
| AWS Lambda | Applicable | Applicable | Applicable |
| AWS App Runner | Applicable | Applicable | Applicable |
| AWS CloudTrail 1 | Applicable | Applicable | - |
| Amazon API Gateway | Applicable | Applicable | - |
| Amazon SNS | Applicable | Applicable | Applicable |
| Amazon RDS | Applicable | Applicable | Applicable |
| All services that write to CloudWatch | Applicable | Applicable | - |
1
AWS CloudTrail log group name is chosen by user. For log enrichment, start the log group name with aws-cloudtrail-logs.
Limitations¶
AWS log forwarder supports maximum 1 GB of data processing per hour in the default configuration.
- To measure the throughput, look for these Kinesis metrics in CloudWatch or check the dashboards provided by the deployed stack:
Delivery - log entriesandDelivery - data volume. - To measure the latency, look for
Kinesis - record age.
For scaling recommendations, see the scaling guide below.
Prerequisites¶
If you're using an earlier version of Dynatrace, see Alternative deployments for instructions.
Dynatrace¶
- Enable generic log ingestion
- Create an API token with Ingest logs (API v2) permission
CLI¶
- You can run the deployment from AWS CloudShell or from any machine with AWS CLI installed that supports Bash script execution.
The deployment script uses the default AWS CLI profile configuration. The profile will determine the AWS account and region. To change the account or region:
- Use a different profile - in this case, you need to update your configuration file.
- Overwrite the default profile temporarily (this option is limited to your shell session) using environment variables.
Permission policy¶
You need the following permissions to run the deployment script:
Permissions policy for deployment
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudformation:CreateChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStacks",
"cloudformation:GetTemplateSummary",
"ec2:DescribeImages",
"s3:CreateBucket",
"s3:PutLifecycleConfiguration",
"s3:PutBucketPublicAccessBlock",
"iam:GetRole",
"iam:CreateRole",
"iam:AttachRolePolicy",
"iam:PutRolePolicy",
"iam:GetRolePolicy",
"iam:PassRole",
"lambda:CreateFunction",
"lambda:UpdateFunctionCode",
"lambda:GetFunction",
"lambda:GetFunctionCodeSigningConfig",
"cloudwatch:PutDashboard",
"cloudwatch:GetDashboard",
"firehose:DescribeDeliveryStream",
"firehose:CreateDeliveryStream",
"firehose:ListTagsForDeliveryStream",
"logs:DeleteSubscriptionFilter",
"logs:DescribeLogGroups",
"logs:PutSubscriptionFilter",
"ssm:GetParameters"
],
"Resource": "*"
}
]
}
Deploy¶
-
Set the following environment variables, making sure to replace the placeholders (
<...>) with your own values. -
For
TARGET_URL, enter your environment URL:https://<your_environment_ID>.live.dynatrace.com. To learn how to determine your environment ID for the SaaS or Managed deployment, see environment ID. - For
TARGET_API_TOKEN, enter your API token. For instructions, see Prerequisites. - Optional For
STACK_NAME, the default value isdynatrace-aws-logs. To provide another name for the CloudFormation stack where you want to deploy the resources, replace the default value with your own.
wget -O dynatrace-aws-log-forwarder.zip https://github.com/dynatrace-oss/dynatrace-aws-log-forwarder/releases/latest/download/dynatrace-aws-log-forwarder.zip \
&& unzip -qo dynatrace-aws-log-forwarder.zip \
&& ./dynatrace-aws-logs.sh deploy --target-url $TARGET_URL --target-api-token $TARGET_API_TOKEN --stack-name $STACK_NAME --require-valid-certificate true
Subscribe to log groups¶
After deploying the infrastructure, you need to subscribe to the log groups whose logs you want to forward to Dynatrace.
To subscribe to log groups, you have the options described below.
Use parameter [--stack-name <your_stack_name>] in case you changed the default value during deployment.
Subscribe by listing log group names¶
Usage recommendation: Use this option if the number of log groups you'd like to subscribe to is small.
To subscribe: Run the command below, making sure to replace <your_log_group_list> with a space-separated list of the log group names you want to subscribe to.
Example list: /aws/lambda/my-lambda /aws/apigateway/my-api
Subscribe by reading log groups from file¶
Usage recommendation: Use this option if the number of log groups you'd like to subscribe to is large.
- Create a file and enter each log group name on a separate line.
- Save the file.
- Run the command below, making sure to replace
<your_file_name>with the actual file name.
Log groups auto-discovery
To simplify file creation, you can use the auto-discovery command below to list the names of all log groups in your account. You can adjust the list manually before subscribing.
Be sure to replace <your_log_groups_file> with the name of the file to which you want to redirect the output.
Subscribe with a subscription filter pattern¶
Usage recommendation: By default, you subscribe to all the logs in the log group. Use this option if you want to restrict the logs you subscribe to. See Filter and Pattern Syntax for details on the pattern syntax.
Limitation: You can use only two subscription filters per log group, so the possibility of creating multiple filters with different patterns is limited. If you create a subscription filter that exceeds the limit, an AWS LimitExceededException occurs.
To subscribe: Run the command below, making sure to replace <your_log_group_list> and <your_filter_pattern> with your own values.
./dynatrace-aws-logs.sh subscribe --log-groups <your_log_group_list> --filter-pattern <your_filter_pattern>
Subscription usage and options
For additional subscription options, see the commands below.
Consult the Subscription table for the commands below when replacing placeholders (<...>) with your own values.
dynatrace-aws-logs.sh subscribe {--log-groups <your_log_group_list> | --log-groups-from-file <your_file_name>}
[--stack-name <your_stack_name>] [--filter-pattern <your_filter_pattern>] [--role-arn ROLE_ARN] [--firehose-arn FIREHOSE_ARN]
Subscription table¶
| Command-line parameter | Environment variable | Description | Default value |
|---|---|---|---|
--log-groups |
LOG_GROUPS_LIST |
A space-separated list of log group names you want to subscribe to. For example: /aws/lambda/my-lambda /aws/apigateway/my-api. |
|
--log-groups-from-file |
LOG_GROUPS_FILE |
A file listing the log groups you want to subscribe to. The file should contain each log group name on a separate line. | |
--filter-pattern |
FILTER_PATTERN |
If set, it allows you to subscribe to a filtered stream of logs. | You subscribe to all logs in the log group. |
--stack-name |
STACK_NAME |
The name of the CloudFormation stack where you have deployed the resources. | dynatrace-aws-logs |
--firehose-arn |
FIREHOSE_ARN |
Specify to which Amazon Data Firehose the logs should be streamed by providing its ARN (Amazon Resource Name). Usage recommendation: Set this option if you have permission or performance issues with CloudFormation. | It will be extracted from the output of the CloudFormation stack used in the deploy step: either the $DEFAULT_STACK_NAME default value or the one specified with the --stack-name <your_stack_name> option. |
--role-arn |
ROLE_ARN |
The ARN of an IAM role that grants CloudWatch Logs permission to deliver ingested log events to the destination stream. Usage recommendation: Set this option if you have permission or performance issues with CloudFormation. | It will be extracted from the output of the CloudFormation stack used in the deploy step: either the $DEFAULT_STACK_NAME default value or the one specified with the --stack-name <your_stack_name> option. |
Unsubscribe from log groups¶
If you don't want to forward logs to Dynatrace anymore, use one of the two options below to unsubscribe from log groups.
Unsubscribe by listing the log group names¶
Run the command below, making sure to replace <your_log_group_list> with a space-separated list of the log group names you want to unsubscribe from.
Unsubscribe by reading log groups from a file¶
Run the command below, making sure to replace <your_file_name> with the file name you created to subscribe by reading log groups from file.
Unsubscribe usage and options
For additional unsubscribe options, see the commands below.
Consult the Unsubscribe table for the commands below when replacing the placeholders (<...>) with your own values.
dynatrace-aws-logs.sh unsubscribe {--log-groups <your_log_group_list> | --log-groups-from-file <your_file_name>} [--stack-name <your_stack_name>]
Unsubscribe table¶
| Command-line parameter | Environment variable | Description | Default value |
|---|---|---|---|
--log-groups |
LOG_GROUPS_LIST |
A space-separated list of log group names you want to unsubscribe from. For example: /aws/lambda/my-lambda /aws/apigateway/my-api. |
|
--log-groups-from-file |
LOG_GROUPS_FILE |
A file listing log groups you want to unsubscribe from, with each log group name on a separate line. | |
--stack-name |
STACK_NAME |
The name of the CloudFormation stack where you have deployed the resources. | dynatrace-aws-logs |
Update to new version¶
To replace your old stack with a new version of the AWS log forwarder stack, deploy the new stack using the same parameters that you used before (especially the stack name, if you changed it from the default value).
Alternative deployments¶
If you don't want to use direct ingest through the Cluster API, you need to use an existing ActiveGate version 1.217+. The ActiveGate must be available publicly. The stack will be created without a dedicated ActiveGate if you choose this option.
Although the Log Forwarder will still work without self-monitoring metrics, it is recommended to have them also ingested into CloudWatch. Therefore, internet access to AWS endpoints is required.
See below for instructions.
Deploy with existing ActiveGate¶
Prerequisites
Dynatrace version 1.217+
- Dynatrace requirements
- CLI requirements
- You need the following permission policy:
Permissions policy for deployment with an existing ActiveGate
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"cloudformation:CreateChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStacks",
"cloudformation:GetTemplateSummary",
"ec2:DescribeImages",
"s3:CreateBucket",
"s3:PutLifecycleConfiguration",
"s3:PutBucketPublicAccessBlock",
"iam:GetRole",
"iam:CreateRole",
"iam:AttachRolePolicy",
"iam:PutRolePolicy",
"iam:GetRolePolicy",
"iam:PassRole",
"lambda:CreateFunction",
"lambda:UpdateFunctionCode",
"lambda:GetFunction",
"lambda:GetFunctionCodeSigningConfig",
"cloudwatch:PutDashboard",
"cloudwatch:GetDashboard",
"firehose:DescribeDeliveryStream",
"firehose:CreateDeliveryStream",
"firehose:ListTagsForDeliveryStream",
"logs:DeleteSubscriptionFilter",
"logs:DescribeLogGroups",
"logs:PutSubscriptionFilter",
"ssm:GetParameters"
],
"Resource": "*"
}
]
}
-
Set the following environment variables, making sure to replace the placeholders (
<...>) with your own values, as follows. -
For
TARGET_URL, enter the API URL of your ActiveGate endpoint:https://<your_activegate_IP_or_hostname>:9999/e/<your_environment_ID>. To learn how to determine your environment ID, see environment ID. - For
TARGET_API_TOKEN, enter your API token. For instructions, see Prerequisites.
If you want Dynatrace to verify the SSL certificate of your Dynatrace environment URL, you can set REQUIRE_VALID_CERTIFICATE to true.
wget -O dynatrace-aws-log-forwarder.zip https://github.com/dynatrace-oss/dynatrace-aws-log-forwarder/releases/latest/download/dynatrace-aws-log-forwarder.zip \
&& unzip -qo dynatrace-aws-log-forwarder.zip \
&& ./dynatrace-aws-logs.sh deploy --target-url $TARGET_URL --target-api-token $TARGET_API_TOKEN --require-valid-certificate $REQUIRE_VALID_CERTIFICATE
Deployment usage and options
For additional deployment options, see the command below.
dynatrace-aws-logs.sh deploy --target-url <your_API_URL> --target-api-token <your_API_token> [--require-valid-certificate {true|false}] [--stack-name <your_stack_name>] [--max-log-length <max_log_content_length>] [--tags <value> [<value>...] ]
For a complete list of parameters, see the deploy table below.
Deploy table¶
| Command-line parameter | Environment variable | Description | Default value | ||||
|---|---|---|---|---|---|---|---|
--target-url |
TARGET_URL |
Required The API URL to your Dynatrace SaaS environment logs ingest target. If you choose to use an existing environment ActiveGate, set it to your ActiveGate endpoint: https://<your_activegate_IP_or_hostname>:9999/e/<your_environment_ID> Note: To determine <your_environment_ID>, see environment ID. |
|||||
--target-api-token |
TARGET_API_TOKEN |
Required Your API token. For instructions, see Prerequisites. | |||||
--require-valid-certificate |
REQUIRE_VALID_CERTIFICATE |
Optional If true, the log forwarder Lambda function verifies the SSL certificate of your Dynatrace environment URL. |
false |
||||
--stack-name |
STACK_NAME |
Optional The name of the CloudFormation stack where you want to deploy the resources. | dynatrace-aws-logs |
||||
--max-log-length |
MAX_LOG_CONTENT_LENGTH |
Optional Log content's max length. If log exceeds this length it will be truncated. For values over 8192 there's also a change in Dynatrace settings neededâyou need to contact a Dynatrace product expert via live chat within your environment. | 8192 |
||||
--tags |
TAGS |
Optional A list of tags to associate with the stack that is created or updated. Syntax: TagKey1=TagValue1 TagKey2=TagValue2 ⦠|
Verification¶
You can use the verification methods provided below to fix an unsuccessful deployment process.
Verify deployment status¶
To verify deployment correctness
- In AWS Console, go to CloudFormation.
- Select your log forwarder stack from the list on the left by stack name (the default value is
dynatrace-aws-logs). -
If you find any issues or discrepancies in any of the fields below, select Delete to delete the stack, and then repeat the deployment process.
-
In Stack info, check the stack status; it should be
CREATE_COMPLETE. - In Parameters, check if the parameter values are consistent with the values you provided during deployment.
- In Events, look for any events with a failed status.
Verify connectivity status¶
To verify AWS log forwarder connectivity and inspect operational logs
- In AWS Console, go to CloudWatch Dashboards.
- Find the self-monitoring dashboard for AWS log forwarding. It will have a name like
DynatraceLogForwarder-SelfMonitoring-eu-north-1-dynatrace-aws-logs, where the middle part is the AWS region and the last part is the stack name you chose (the default isdynatrace-aws-logs). - Inspect the dashboard for any obvious issues.
- Go to CloudFormation.
- Select your log forwarder stack from the list on the left by stack name (the default value is
dynatrace-aws-logs). - Select the Resources tab and then select the link next to
Lambda. - On the Lambda screen, select the Monitor tab and then select Logs.
- Select one of the listed log streams and look for exceptions in the logs.
Scaling guide¶
To scale up the default throughput, we recommend increasing the Lambda Function's memory and the number of provisioned instances to run concurrently. The values to use depend on the actual load. The following are the maximum tested and supported values.
| Maximum throughput | Lambda memory | Number of instances |
|---|---|---|
up to 15 MB/minute (1 GB/hour) |
256 MB |
1 |
up to 500 MB/minute (30 GB/hour) |
1024 MB |
5 |
As a last resort, scale horizontally: deploy more integrations and subscribe each of them to different log groups to distribute the load.
Uninstall AWS log forwarding¶
To uninstall AWS log forwarding
- Unsubscribe all log groups. You can use the log groups auto-discovery method described in Subscribe by reading log groups from file and pass the auto-discovery output file to the unsubscribe command. See Unsubscribe from log groups for details.
- In AWS Console, go to your CloudFormation stack.
- Select the Resources tab and navigate to the
DeliveryBucketS3 bucket. - Remove all objects in the bucket.
- Go back to the CloudFormation stack and select Delete.
Source: aws-migration-guide.md¶
title: Migrate from AWS classic (formerly 'built-in') services to cloud services source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/cloudwatch-metrics/aws-migration-guide scraped: 2026-02-18T05:43:39.560793
Migrate from AWS classic (formerly 'built-in') services to cloud services¶
Migrate from AWS classic (formerly 'built-in') services to cloud services¶
- How-to guide
- 9-min read
- Updated on Jun 27, 2024
From the AWS overview page, you can access Dynatrace classic services and cloud services for AWS monitoring. Both types of services share the same AWS resources. However, classic services use a predefined set of metrics, so configuring which metrics to monitor, or determining which ones are already monitored, is not supported.
Classic services vs cloud services¶
As previously mentioned, classic services and cloud services share the same AWS resources. However, cloud services support a wider range of configuration options, such as new metrics and customizable monitored metrics. To give you more customization options, weâve started the following:
- Adding more services to the Cloud services section so you can customize which metrics you want to monitor.
- Adding more metrics for cloud services; not only are they configurable, but you can now monitor much more than before.
- Replacing the classic services with cloud services that have more configuration options regarding metrics.

If you're using classic services, we recommend migrating to cloud services to take advantage of the wider range of customizable configuration options.
AWS Lambda
If you're using OneAgent integration for your Lambdas, we recommend Lambda migration. Since the release of Dynatrace version 1.283, we show data for the new Lambda service together with OneAgent data on the Lambda service page.
Impact of the migration¶
Even though classic and cloud services monitor the same AWS resources on Dynatrace side, they are monitored as two different entities.
- They have different entity IDs and metric keys.
- Due to their different implementations, they may detect different numbers of instances. Cloud services show only instances with metrics.
- Data for each Dynatrace entity type is collected and stored separately.
Breaking change You need to adapt the configuration of dashboards, alerts, and management zones based on entity ID or metric keys with the monitored service type.
You currently have the option to choose from a classic or cloud service to preserve historical data, but be aware of the following:
- Historical data is persisted on the classic services. If you switch back, monitored data will present gaps for the period in which the resources were monitored via the cloud service.
- You canât have both of them turned on simultaneously. Even though on the Dynatrace side theyâre two different services, the legacy and new versions monitor the same AWS resource. If you had two versions switched on simultaneously, you would be charged double for polling the same data twice.
- If you turn on the new version, the classic version is turned off automatically, and vice versa.
-
There is no direct link between
-
Entities containing historical and new data.
- Cloud service data and data coming from OneAgent for opaque Amazon RDSânot linked to the new cloud service page with CloudWatch metrics.
- Logs from Amazon Data Firehose to Amazon RDS are still being linked to the historical data and entity
RELATIONAL_DATABASE_SERVICE. -
Events or problems that would have been auto-detected on the historical (classic) data might not be automatically raised. Alerting rules are not provided for these cloud services:
-
Amazon RDS
- Amazon EBS
- AWS Lambdaâpredefined metric event configuration is provided but needs to be manually enabled.
To monitor cloud services, you need to have Environment ActiveGate configured.
Changes in the UI¶
Your AWS overview page changes after configuring a new version of a service.
For example, letâs have a look at Amazon EBS.
- If the legacy Amazon EBS (classic) service is configured, this is what the EBS volumes section of the AWS overview looks like.
* If the Amazon EBS cloud service is configured, this is what the EBS volumes section of the AWS overview looks like.
* Select Cloud services to find new overview pages for the services.
* Additionally, you can configure metrics for cloud services via the web UI.


Cloud services and their corresponding classic services¶
| new Cloud service | old Classic service |
|---|---|
| Amazon EC2 Auto Scaling | Amazon EC2 Auto Scaling (classic) |
| Amazon DynamoDB | Amazon DynamoDB (classic) |
| Amazon EBS | Amazon EBS (classic) |
| AWS Lambda | AWS Lambda (classic) |
| Amazon RDS | Amazon RDS (classic) |
Metrics migration¶
Below you can find tables with classic services metrics and their corresponding cloud services metrics. Empty cells indicate the lack of an identical corresponding metric.
You can find more details about accessing these in Grail on this page.
The ext: prefix is used by metrics from OneAgent extensions and ActiveGate extensions, and also by classic metrics for AWS integration.
Despite the naming similarities, AWS integration metrics are not based on extensions.
Amazon Auto scaling group¶
| Classic service metric name | Classic service metric key | Cloud service metric name | Cloud service metric key |
|---|---|---|---|
| Number of running EC2 instances (ASG) | builtin:cloud.aws.asg.running | - | - |
| Number of stopped EC2 instances (ASG) | builtin:cloud.aws.asg.stopped | - | - |
| Number of terminated EC2 instances (ASG) | builtin:cloud.aws.asg.terminated | - | - |
Amazon DynamoDB¶
| Classic service metric name | Classic service metric key | Cloud service metric name | Cloud service metric key |
|---|---|---|---|
| DynamoDB read capacity units | builtin:cloud.aws.dynamo.capacityUnits.consumed.read | ConsumedReadCapacityUnits Sum | ext:cloud.aws.dynamodb.consumedReadCapacityUnitsSum ext:cloud.aws.dynamodb.consumedReadCapacityUnitsByGlobalSecondaryIndexName |
| DynamoDB write capacity units | builtin:cloud.aws.dynamo.capacityUnits.consumed.write | ConsumedWriteCapacityUnits Sum | ext:cloud.aws.dynamodb.consumedWriteCapacityUnitsSum ext:cloud.aws.dynamodb.consumedWriteCapacityUnitsSumByGlobalSecondaryIndexName |
| DynamoDB provisioned read capacity units | builtin:cloud.aws.dynamo.capacityUnits.provisioned.read | ProvisionedReadCapacityUnits Sum | ext:cloud.aws.dynamodb.provisionedReadCapacityUnitsSum ext:cloud.aws.dynamodb.provisionedReadCapacityUnitsSumByGlobalSecondaryIndexName |
| DynamoDB provisioned write capacity units | builtin:cloud.aws.dynamo.capacityUnits.provisioned.write | ProvisionedWriteCapacityUnits Sum | ext:cloud.aws.dynamodb.provisionedWriteCapacityUnitsSum ext:cloud.aws.dynamodb.provisionedWriteCapacityUnitsSumByGlobalSecondaryIndexName |
| DynamoDB read capacity units % | builtin:cloud.aws.dynamo.capacityUnits.read | calculated | 100 * ext:cloud.aws.dynamodb.consumedReadCapacityUnitsSum / ext:cloud.aws.dynamodb.provisionedReadCapacityUnitsSum |
| DynamoDB write capacity units % | builtin:cloud.aws.dynamo.capacityUnits.write | calculated | 100 * ext:cloud.aws.dynamodb.consumedWriteCapacityUnitsSum / ext:cloud.aws.dynamodb.provisionedWriteCapacityUnitsSum |
| DynamoDB number of requests with HTTP 500 status code | builtin:cloud.aws.dynamo.errors.system | SystemErrors Sum (by Operation) | ext:cloud.aws.dynamodb.SystemErrorsSumByOperation |
| DynamoDB number of requests with HTTP 400 status code | builtin:cloud.aws.dynamo.errors.user | UserErrors Sum (by Region) | ext:cloud.aws.dynamodb.UserErrorsSum |
| DynamoDB number of successful request latency for operation | builtin:cloud.aws.dynamo.requests.latency | SuccessfulRequestLatency (by Operation) | ext:cloud.aws.dynamodb.successfulRequestLatencyByOperation |
| DynamoDB number of items returned by operation | builtin:cloud.aws.dynamo.requests.returnedItems | ReturnedItemCount Sum (by Operation) | ext:cloud.aws.dynamodb.returnedItemCountSumByOperation |
| DynamoDB number of throttled requests for operation | builtin:cloud.aws.dynamo.requests.throttled | ThrottledRequests Sum (by Operation) | ext:cloud.aws.dynamodb.ThrottledRequestsSumByOperation |
| DynamoDB number of read throttled events | builtin:cloud.aws.dynamo.throttledEvents.read | ReadThrottleEvents Sum | ext:cloud.aws.dynamodb.ReadThrottleEventsSum ext:cloud.aws.dynamodb.ReadThrottleEventsSumByGlobalSecondaryIndexName |
| DynamoDB number of write throttled events | builtin:cloud.aws.dynamo.throttledEvents.write | WriteThrottleEvents Sum | ext:cloud.aws.dynamodb.WriteThrottleEventsSum ext:cloud.aws.dynamodb.WriteThrottleEventsSumByGlobalSecondaryIndexName |
| Number of tables for AvailabilityZone | builtin:cloud.aws.dynamo.tables | - | - |
Amazon EBS¶
| Classic service metric name | Classic service metric key | Cloud service metric name | Cloud service metric key |
|---|---|---|---|
| EBS volume read latency | builtin:cloud.aws.ebs.latency.read | - | - |
| EBS volume write latency | builtin:cloud.aws.ebs.latency.write | - | - |
| EBS volume consumed OPS | builtin:cloud.aws.ebs.ops.consumed | VolumeConsumedReadWriteOps Sum | ext:cloud.aws.ebs.volumeConsumedReadWriteOps |
| EBS volume read OPS | builtin:cloud.aws.ebs.ops.read | VolumeReadOps Sum | ext:cloud.aws.ebs.volumeReadOpsSum |
| EBS volume write OPS | builtin:cloud.aws.ebs.ops.write | VolumeWriteOps Sum | ext:cloud.aws.ebs.volumeWriteOpsSum |
| EBS volume throughput % | builtin:cloud.aws.ebs.throughput.percent | VolumeThroughputPercentage | ext:cloud.aws.ebs.volumeThroughputPercentage |
| EBS volume read throughput | builtin:cloud.aws.ebs.throughput.read | calculated | ext:cloud.aws.ebs.volumeReadBytes / ext:cloud.aws.ebs.volumeTotalReadTime |
| EBS volume write throughput | builtin:cloud.aws.ebs.throughput.write | calculated | ext:cloud.aws.ebs.volumeWriteBytes / ext:cloud.aws.ebs.volumeTotalWriteTime |
| EBS volume idle time % | builtin:cloud.aws.ebs.idleTime | - | - |
| EBS volume queue length | builtin:cloud.aws.ebs.queue | VolumeQueueLength Sum | ext:cloud.aws.ebs.volumeQueueLengthSum |
AWS Lambda¶
| Classic service metric name | Classic service metric key | Cloud service metric name | Cloud service metric key |
|---|---|---|---|
| LambdaFunction concurrent executions count | builtin:cloud.aws.lambda.concExecutions | ConcurrentExecutions Sum | ext:cloud.aws.lambda.concurrentExecutionsSum ext:cloud.aws.lambda.concurrentExecutionsSumByResource ext:cloud.aws.lambda.concurrentExecutionsSumByRegion |
| LambdaFunction code execution time. | builtin:cloud.aws.lambda.duration | Duration | ext:cloud.aws.lambda.duration ext:cloud.aws.lambda.durationByResource ext:cloud.aws.lambda.durationByRegion |
| LambdaFunction number of failed invocations with HTTP 4XX status code | builtin:cloud.aws.lambda.errors | Errors Sum | ext:cloud.aws.lambda.errorsSum ext:cloud.aws.lambda.errorsSumByResource ext:cloud.aws.lambda.errorsSumByRegion |
| LambdaFunction rate of failed invocations to all invocations % | builtin:cloud.aws.lambda.errorsRate | calculated | 100 * ext:cloud.aws.lambda.errorsSum / ext:cloud.aws.lambda.invocationsSum |
| LambdaFunction number of times a function is invoked | builtin:cloud.aws.lambda.invocations | Invocations Sum | ext:cloud.aws.lambda.invocationsSum ext:cloud.aws.lambda.invocationsSumByResource ext:cloud.aws.lambda.invocationsSumByRegion |
| LambdaFunction provisioned concurrent executions count | builtin:cloud.aws.lambda.provConcExecutions | ProvisionedConcurrentExecutions Sum | ext:cloud.aws.lambda.provisionedConcurrentExecutionsSum ext:cloud.aws.lambda.provisionedConcurrentExecutionsSumByResource ext:cloud.aws.lambda.provisionedConcurrentExecutionsSumByRegion |
| LambdaFunction provisioned concurrency invocation count | builtin:cloud.aws.lambda.provConcInvocations | ProvisionedConcurrencyInvocations Sum | ext:cloud.aws.lambda.provisionedConcurrencyInvocationsSum ext:cloud.aws.lambda.provisionedConcurrencyInvocationsSumByResource ext:cloud.aws.lambda.provisionedConcurrencyInvocationsSumByRegion |
| LambdaFunction provisioned concurrency spillover invocation count | builtin:cloud.aws.lambda.provConcSpilloverInvocations | ProvisionedConcurrencySpilloverInvocations Sum | ext:cloud.aws.lambda.provisionedConcurrencySpilloverInvocationsSum ext:cloud.aws.lambda.provisionedConcurrencySpilloverInvocationsSumByResource ext:cloud.aws.lambda.provisionedConcurrencySpilloverInvocationsSumByRegion |
| LambdaFunction throttled function invocation count | builtin:cloud.aws.lambda.throttlers | Throttles Sum | ext:cloud.aws.lambda.throttlesSum ext:cloud.aws.lambda.throttlesSumByResource ext:cloud.aws.lambda.throttlesSumByRegion |
Amazon RDS¶
| Classic service metric name | Classic service metric key | Cloud service metric name | Cloud service metric key |
|---|---|---|---|
| RDS CPU usage % | builtin:cloud.aws.rds.cpu.usage | CPUUtilization | ext:cloud.aws.rds.cpuUtilization ext:cloud.aws.rds.cpuUtilizationByRegionDatabaseClass ext:cloud.aws.rds.cpuUtilizationByRegionDBClusterIdentifier ext:cloud.aws.rds.cpuUtilizationByRegion ext:cloud.aws.rds.cpuUtilizationByRegionEngineName ext:cloud.aws.rds.cpuUtilizationByRegionDBClusterIdentifierRole |
| RDS read latency | builtin:cloud.aws.rds.latency.read | ReadLatency | ext:cloud.aws.rds.readLatency ext:cloud.aws.rds.readLatencyByRegionDatabaseClass ext:cloud.aws.rds.readLatencyByRegionDBClusterIdentifier ext:cloud.aws.rds.readLatencyByRegion ext:cloud.aws.rds.readLatencyByRegionEngineName ext:cloud.aws.rds.readLatencyByRegionDBClusterIdentifierRole |
| RDS write latency | builtin:cloud.aws.rds.latency.write | WriteLatency | ext:cloud.aws.rds.writeLatency ext:cloud.aws.rds.writeLatencyByRegionDatabaseClass ext:cloud.aws.rds.writeLatencyByRegionDBClusterIdentifier ext:cloud.aws.rds.writeLatencyByRegion ext:cloud.aws.rds.writeLatencyByRegionEngineName ext:cloud.aws.rds.writeLatencyByRegionDBClusterIdentifierRole |
| RDS freeable memory | builtin:cloud.aws.rds.memory.freeable | FreeableMemory | ext:cloud.aws.rds.freeableMemory ext:cloud.aws.rds.freeableMemoryByRegionDatabaseClass ext:cloud.aws.rds.freeableMemoryByRegionDBClusterIdentifier ext:cloud.aws.rds.freeableMemoryByRegion ext:cloud.aws.rds.freeableMemoryByRegionEngineName ext:cloud.aws.rds.freeableMemoryByRegionDBClusterIdentifierRole |
| RDS swap usage | builtin:cloud.aws.rds.memory.swap | SwapUsage | ext:cloud.aws.rds.swapUsage ext:cloud.aws.rds.swapUsageByRegionDatabaseClass ext:cloud.aws.rds.swapUsageByRegionDBClusterIdentifier ext:cloud.aws.rds.swapUsageByRegion ext:cloud.aws.rds.swapUsageByRegionEngineName ext:cloud.aws.rds.swapUsageByRegionDBClusterIdentifierRole |
| RDS network received throughput | builtin:cloud.aws.rds.net.rx | NetworkReceiveThroughput | ext:cloud.aws.rds.networkReceiveThroughput ext:cloud.aws.rds.networkReceiveThroughputByRegionDatabaseClass ext:cloud.aws.rds.networkReceiveThroughputByRegionDBClusterIdentifier ext:cloud.aws.rds.networkReceiveThroughputByRegion ext:cloud.aws.rds.networkReceiveThroughputByRegionEngineName ext:cloud.aws.rds.networkReceiveThroughputByRegionDBClusterIdentifierRole |
| RDS network transmitted throughput | builtin:cloud.aws.rds.net.tx | NetworkTransmitThroughput | ext:cloud.aws.rds.networkTransmitThroughput ext:cloud.aws.rds.networkTransmitThroughputByRegionDatabaseClass ext:cloud.aws.rds.networkTransmitThroughputByRegionDBClusterIdentifier ext:cloud.aws.rds.networkTransmitThroughputByRegion ext:cloud.aws.rds.networkTransmitThroughputByRegionEngineName ext:cloud.aws.rds.networkTransmitThroughputByRegionDBClusterIdentifierRole |
| RDS read IOPS | builtin:cloud.aws.rds.ops.read | ReadIOPS | ext:cloud.aws.rds.readIOPS ext:cloud.aws.rds.readIOPSByRegionDatabaseClass ext:cloud.aws.rds.readIOPSByRegion ext:cloud.aws.rds.readIOPSByRegionEngineName |
| RDS write IOPS | builtin:cloud.aws.rds.ops.write | WriteIOPS | ext:cloud.aws.rds.writeIOPS ext:cloud.aws.rds.writeIOPSByRegionDatabaseClass ext:cloud.aws.rds.writeIOPSByRegion ext:cloud.aws.rds.writeIOPSByRegionEngineName |
| RDS read throughput | builtin:cloud.aws.rds.throughput.read | ReadThroughput | ext:cloud.aws.rds.readThroughput ext:cloud.aws.rds.readThroughputByRegionDatabaseClass ext:cloud.aws.rds.readThroughputByRegion ext:cloud.aws.rds.readThroughputByRegionEngineName |
| RDS write throughput | builtin:cloud.aws.rds.throughput.write | WriteThroughput | ext:cloud.aws.rds.writeThroughput ext:cloud.aws.rds.writeThroughputByRegionDatabaseClass ext:cloud.aws.rds.writeThroughputByRegion ext:cloud.aws.rds.writeThroughputByRegionEngineName |
| RDS connections | builtin:cloud.aws.rds.connections | DatabaseConnections Sum | ext:cloud.aws.rds.databaseConnectionsSumByRegionDatabaseClass ext:cloud.aws.rds.databaseConnectionsSumByRegionDBClusterIdentifier ext:cloud.aws.rds.databaseConnectionsSumByRegion ext:cloud.aws.rds.databaseConnectionsSumByRegionEngineName ext:cloud.aws.rds.databaseConnectionsSumByRegionDBClusterIdentifierRole |
| RDS free storage space % | builtin:cloud.aws.rds.free | - | - |
| RDS restarts | builtin:cloud.aws.rds.restarts | - | - |
Source: ec2-auto-scaling.md¶
title: Amazon EC2 Auto Scaling source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/cloudwatch-metrics/cloudwatch-ec2/ec2-auto-scaling scraped: 2026-02-17T05:03:37.060997
Amazon EC2 Auto Scaling¶
Amazon EC2 Auto Scaling¶
- How-to guide
- 1-min read
- Updated on Nov 15, 2023
For information about differences between classic services and other services, see Migrate from AWS classic (formerly 'built-in') services to cloud services.
Dynatrace ingests metrics for multiple preselected namespaces, including Amazon EC2 Auto Scaling. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.200+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
This service monitors Amazon EC2 Auto Scaling. For this service you can see only instances with metrics.
Remember that if you have Amazon EC2 Auto Scaling service configured, you canât have Amazon EC2 Auto Scaling (built-in) service turned on. To monitor extended metrics, you need to select Amazon EC2 Auto Scaling, otherwise Amazon EC2 Auto Scaling (built-in) will provide only a basic count of EC2 instances in the scaling group.
By default, Auto Scaling Group metrics aren't reported. To have them reported, you need to enable them in the AWS Auto Scaling Group console.
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
AutoScalingGroupName is the main dimension.
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| GroupAndWarmPoolDesiredCapacity | The desired capacity of the Auto Scaling group and the warm pool combined. | Count | Average | AutoScalingGroupName | |
| GroupAndWarmPoolTotalCapacity | The total capacity of the Auto Scaling group and the warm pool combined. This includes instances that are running, stopped, pending, terminating, or in service. | Count | Average | AutoScalingGroupName | |
| GroupDesiredCapacity | The number of instances that the Auto Scaling group attempts to maintain | Count | Average | AutoScalingGroupName | Applicable |
| GroupInServiceCapacity | The number of capacity units that are running as part of the Auto Scaling group | Count | Average | AutoScalingGroupName | |
| GroupInServiceInstances | The number of instances that are running as part of the Auto Scaling group. This metric does not include instances that are pending or terminating. | Count | Average | AutoScalingGroupName | Applicable |
| GroupMaxSize | The maximum size of the Auto Scaling group | Count | Average | AutoScalingGroupName | Applicable |
| GroupMinSize | The minimum size of the Auto Scaling group | Count | Average | AutoScalingGroupName | Applicable |
| GroupPendingCapacity | The number of capacity units that are pending | Count | Average | AutoScalingGroupName | |
| GroupPendingInstances | The number of instances that are pending. A pending instance is not yet in service. This metric does not include instances that are in service or terminating. | Count | Average | AutoScalingGroupName | Applicable |
| GroupStandbyCapacity | The number of capacity units that are in a standby state | Count | Average | AutoScalingGroupName | |
| GroupStandbyInstances | The number of instances that are in a standby state. Instances in this state are still running but are not actively in service. | Count | Average | AutoScalingGroupName | Applicable |
| GroupTerminatingCapacity | The number of capacity units that are in the process of terminating | Count | Average | AutoScalingGroupName | |
| GroupTerminatingInstances | The number of instances that are in the process of terminating. This metric does not include instances that are in service or pending. | Count | Average | AutoScalingGroupName | Applicable |
| GroupTotalCapacity | The total number of capacity units in the Auto Scaling group | Count | Average | AutoScalingGroupName | |
| GroupTotalInstances | The total number of instances in the Auto Scaling group. This metric identifies the number of instances that are in service, pending, and terminating. | Count | Average | AutoScalingGroupName | Applicable |
| WarmPoolDesiredCapacity | The amount of capacity that Amazon EC2 Auto Scaling attempts to maintain in the warm pool. | Count | Average | AutoScalingGroupName | |
| WarmPoolMinSize | The minimum size of the warm pool. | Count | Average | AutoScalingGroupName | |
| WarmPoolPendingCapacity | The amount of capacity in the warm pool that is pending. This metric does not include instances that are running, stopped, or terminating. | Count | Average | AutoScalingGroupName | |
| WarmPoolTerminatingCapacity | The amount of capacity in the warm pool that is in the process of terminating. This metric does not include instances that are running, stopped, or pending. | Count | Average | AutoScalingGroupName | |
| WarmPoolTotalCapacity | The total capacity of the warm pool, including instances that are running, stopped, pending, or terminating. | Count | Average | AutoScalingGroupName | |
| WarmPoolWarmedCapacity | The amount of capacity available to enter the Auto Scaling group during scale out. This metric does not include instances that are pending or terminating. | Count | Average | AutoScalingGroupName |
Limitations¶
Tagging isn't available for Amazon EC2 Auto Scaling.
Dynatrace entities of this AWS service are not enriched with the ARN property.
Source: cloudwatch-eks.md¶
title: Monitor Amazon Elastic Kubernetes Service (EKS) with CloudWatch metrics source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/cloudwatch-metrics/cloudwatch-eks scraped: 2026-02-18T05:39:38.791857
Monitor Amazon Elastic Kubernetes Service (EKS) with CloudWatch metrics¶
Monitor Amazon Elastic Kubernetes Service (EKS) with CloudWatch metrics¶
- How-to guide
- 5-min read
- Updated on Jun 20, 2022
Dynatrace ingests metrics for multiple preselected namespaces, including Amazon Elastic Kubernetes Service (EKS). You can view graphs per service instance, with a set of dimensions, and create custom graphs that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.199+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway-
"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Container Insights needs to be set up on a cluster to have metrics reported. For details, see the AWS documentation.
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| cluster_failed_node_count | The number of failed worker nodes in the cluster | Count | Average | ClusterName | Applicable |
| cluster_node_count | The total number of worker nodes in the cluster | Count | Average | ClusterName | Applicable |
| namespace_number_of_running_pods | The number of pods running per namespace in the resource that is specified by the dimensions that you're using | Count | Average | ClusterName, Namespace | Applicable |
| node_cpu_limit | The maximum number of CPU units that can be assigned to a single node in this cluster | None | Multi | ClusterName | Applicable |
| node_cpu_reserved_capacity | The percentage of CPU units that are reserved for node components, such as kubelet, kube-proxy, and Docker | Percent | Multi | ClusterName, InstanceId, NodeName | |
| node_cpu_reserved_capacity | Percent | Multi | ClusterName | Applicable | |
| node_cpu_usage_total | The number of CPU units being used on the nodes in the cluster | None | Multi | ClusterName | Applicable |
| node_cpu_utilization | The total percentage of CPU units being used on the nodes in the cluster | Percent | Multi | ClusterName, InstanceId, NodeName | Applicable |
| node_cpu_utilization | Percent | Multi | ClusterName | ||
| node_filesystem_utilization | The total percentage of file system capacity being used on nodes in the cluster | Percent | Multi | ClusterName, InstanceId, NodeName | Applicable |
| node_filesystem_utilization | Percent | Multi | ClusterName | ||
| node_memory_limit | The maximum amount of memory, in bytes, that can be assigned to a single node in this cluster | Bytes | Multi | ClusterName | Applicable |
| node_memory_reserved_capacity | The percentage of memory currently being used on the nodes in the cluster | Percent | Multi | ClusterName, InstanceId, NodeName | |
| node_memory_reserved_capacity | Percent | Multi | ClusterName | Applicable | |
| node_memory_utilization | The percentage of memory currently being used by the node or nodes | Percent | Multi | ClusterName, InstanceId, NodeName | Applicable |
| node_memory_utilization | Percent | Multi | ClusterName | ||
| node_memory_working_set | The amount of memory, in bytes, being used in the working set of the nodes in the cluster | Bytes | Multi | ClusterName | Applicable |
| node_network_total_bytes | The total number of bytes per second transmitted and received over the network per node in a cluster | Bytes/Second | Multi | ClusterName, InstanceId, NodeName | Applicable |
| node_network_total_bytes | Bytes/Second | Multi | ClusterName | Applicable | |
| node_number_of_running_containers | The number of running containers per node in a cluster | Count | Average | ClusterName, InstanceId, NodeName | Applicable |
| node_number_of_running_containers | Count | Average | ClusterName | ||
| node_number_of_running_pods | The number of running pods per node in a cluster | Count | Average | ClusterName, InstanceId, NodeName | Applicable |
| node_number_of_running_pods | Count | Average | ClusterName | ||
| pod_cpu_reserved_capacity | The CPU capacity that is reserved per pod in a cluster | Percent | Multi | ClusterName, Namespace, PodName | |
| pod_cpu_reserved_capacity | Percent | Multi | ClusterName | ||
| pod_cpu_utilization | The percentage of CPU units being used by pods | Percent | Multi | ClusterName, Namespace | Applicable |
| pod_cpu_utilization | Percent | Multi | ClusterName, Namespace, PodName | ||
| pod_cpu_utilization | Percent | Multi | ClusterName | ||
| pod_cpu_utilization_over_pod_limit | The percentage of CPU units being used by pods that is over the pod limit | Percent | Multi | ClusterName, Namespace | |
| pod_cpu_utilization_over_pod_limit | Percent | Multi | ClusterName, Namespace, PodName | Applicable | |
| pod_cpu_utilization_over_pod_limit | Percent | Multi | ClusterName | ||
| pod_memory_reserved_capacity | The percentage of memory that is reserved for pods | Percent | Multi | ClusterName, Namespace, PodName | |
| pod_memory_reserved_capacity | Percent | Multi | ClusterName | ||
| pod_memory_utilization | The percentage of memory currently being used by the pod or pods | Percent | Multi | ClusterName, Namespace | Applicable |
| pod_memory_utilization | Percent | Multi | ClusterName, Namespace, PodName | ||
| pod_memory_utilization | Percent | Multi | ClusterName | ||
| pod_memory_utilization_over_pod_limit | The percentage of memory that is being used by pods that is over the pod limit | Percent | Multi | ClusterName, Namespace | |
| pod_memory_utilization_over_pod_limit | Percent | Multi | ClusterName, Namespace, PodName | Applicable | |
| pod_memory_utilization_over_pod_limit | Percent | Multi | ClusterName | ||
| pod_network_rx_bytes | The number of bytes per second being received over the network by the pod | Bytes/Second | Multi | ClusterName, Namespace | |
| pod_network_rx_bytes | Bytes/Second | Multi | ClusterName, Namespace, PodName | Applicable | |
| pod_network_rx_bytes | Bytes/Second | Multi | ClusterName | ||
| pod_network_tx_bytes | The number of bytes per second being transmitted over the network by the pod | Bytes/Second | Multi | ClusterName, Namespace | |
| pod_network_tx_bytes | Bytes/Second | Multi | ClusterName, Namespace, PodName | Applicable | |
| pod_network_tx_bytes | Bytes/Second | Multi | ClusterName | ||
| pod_number_of_container_restarts | The total number of container restarts in a pod | Count | Sum | ClusterName, Namespace, PodName | Applicable |
| service_number_of_running_pods | The number of pods running the service or services in the cluster | Count | Average | ClusterName, Namespace, Service | |
| service_number_of_running_pods | Count | Average | ClusterName |
Source: cloudwatch-elastic-beanstalk.md¶
title: Monitor AWS Elastic Beanstalk with CloudWatch metrics source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/cloudwatch-metrics/cloudwatch-elastic-beanstalk scraped: 2026-02-16T21:28:03.332746
Monitor AWS Elastic Beanstalk with CloudWatch metrics¶
Monitor AWS Elastic Beanstalk with CloudWatch metrics¶
- How-to guide
- 6-min read
- Published Sep 08, 2020
Dynatrace ingests metrics for multiple preselected namespaces, including AWS Elastic Beanstalk. You can view metrics for each service instance, split metrics into multiple dimensions, and create custom charts that you can pin to your dashboards.
Prerequisites¶
To enable monitoring for this service, you need
-
ActiveGate version 1.197+
-
For Dynatrace SaaS deployments, you need an Environment ActiveGate or a Multi-environment ActiveGate.
For role-based access in a SaaS deployment, you need an Environment ActiveGate installed on an Amazon EC2 host.
- Dynatrace version 1.201+
- An updated AWS monitoring policy to include the additional AWS services.
To update the AWS IAM policy, use the JSON below, containing the monitoring policy (permissions) for all supporting services.
JSON predefined policy for all supporting services
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for All AWS cloud services and, for each supporting service, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
Example of JSON policy for one single service.
JSON policy for Amazon API Gateway
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"apigateway:GET",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"sts:GetCallerIdentity",
"tag:GetResources",
"tag:GetTagKeys",
"ec2:DescribeAvailabilityZones"
],
"Resource": "*"
}
]
}
In this example, from the complete list of permissions you need to select
"apigateway:GET"for Amazon API Gateway"cloudwatch:GetMetricData","cloudwatch:GetMetricStatistics","cloudwatch:ListMetrics","sts:GetCallerIdentity","tag:GetResources","tag:GetTagKeys", and"ec2:DescribeAvailabilityZones"for All AWS cloud services.
Install OneAgent Optional¶
To install and customize OneAgent, see Deploy OneAgent on AWS Elastic Beanstalk.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
Enable monitoring¶
To learn how to enable service monitoring, see Enable service monitoring.
View service metrics¶
You can view the service metrics in your Dynatrace environment either on the custom device overview page or on your Dashboards page.
View metrics on the custom device overview page¶
To access the custom device overview page
- Go to
Technologies & Processes Classic. - Filter by service name and select the relevant custom device group.
- Once you select the custom device group, you're on the custom device group overview page.
- The custom device group overview page lists all instances (custom devices) belonging to the group. Select an instance to view the custom device overview page.
View metrics on your dashboard¶
After you add the service to monitoring, a preset dashboard containing all recommended metrics is automatically listed on your Dashboards page. To look for specific dashboards, filter by Preset and then by Name.

For existing monitored services, you might need to resave your credentials for the preset dashboard to appear on the Dashboards page. To resave your credentials, go to Settings > Cloud and virtualization > AWS, select the desired AWS instance, and then select Save.
You can't make changes on a preset dashboard directly, but you can clone and edit it. To clone a dashboard, open the browse menu (â¦) and select Clone.
To remove a dashboard from the dashboards page, you can hide it. To hide a dashboard, open the browse menu (â¦) and select Hide.
Hiding a dashboard doesn't affect other users.

To check the availability of preset dashboards for each AWS service, see the list below.
Preset dashboard availability list¶
| AWS service | Preset dashboard |
|---|---|
| Amazon EC2 Auto Scaling (built-in) | Not applicable |
| AWS Lambda (built-in) | Not applicable |
| Amazon Application and Network Load Balancer (built-in) | Not applicable |
| Amazon DynamoDB (built-in) | Not applicable |
| Amazon EBS (built-in) | Not applicable |
| Amazon EC2 (built-in) | Not applicable |
| Amazon Elastic Load Balancer (ELB) (built-in) | Not applicable |
| Amazon RDS (built-in) | Not applicable |
| Amazon S3 (built-in) | Not applicable |
| AWS Certificate Manager Private Certificate Authority | Not applicable |
| All monitored Amazon services | Not applicable |
| Amazon API Gateway | Not applicable |
| AWS App Runner | Not applicable |
| Amazon AppStream | Applicable |
| AWS AppSync | Applicable |
| Amazon Athena | Applicable |
| Amazon Aurora | Not applicable |
| Amazon EC2 Auto Scaling | Applicable |
| AWS Billing | Applicable |
| Amazon Keyspaces | Applicable |
| AWS Chatbot | Applicable |
| Amazon CloudFront | Not applicable |
| AWS CloudHSM | Applicable |
| Amazon CloudSearch | Applicable |
| AWS CodeBuild | Applicable |
| Amazon Cognito | Not applicable |
| Amazon Connect | Applicable |
| AWS DataSync | Applicable |
| Amazon DynamoDB Accelerator (DAX) | Applicable |
| AWS Database Migration Service (AWS DMS) | Applicable |
| Amazon DocumentDB | Applicable |
| AWS Direct Connect | Applicable |
| Amazon DynamoDB | Not applicable |
| Amazon EBS | Not applicable |
| Amazon EC2 Spot Fleet | Not applicable |
| Amazon EC2 API | Applicable |
| Amazon Elastic Container Service (ECS) | Not applicable |
| Amazon ECS Container Insights | Applicable |
| Amazon Elastic File System (EFS) | Not applicable |
| Amazon Elastic Kubernetes Service (EKS) | Applicable |
| Amazon ElastiCache (EC) | Not applicable |
| AWS Elastic Beanstalk | Applicable |
| Amazon Elastic Inference | Applicable |
| Amazon Elastic Transcoder | Applicable |
| Amazon Elastic Map Reduce (EMR) | Not applicable |
| Amazon Elasticsearch Service (ES) | Not applicable |
| Amazon EventBridge | Applicable |
| Amazon FSx | Applicable |
| Amazon GameLift | Applicable |
| AWS Glue | Not applicable |
| Amazon Inspector | Applicable |
| AWS Internet of Things (IoT) | Not applicable |
| AWS IoT Things Graph | Applicable |
| AWS IoT Analytics | Applicable |
| Amazon Managed Streaming for Kafka | Applicable |
| Amazon Kinesis Data Analytics | Not applicable |
| Amazon Data Firehose | Not applicable |
| Amazon Kinesis Data Streams | Not applicable |
| Amazon Kinesis Video Streams | Not applicable |
| AWS Lambda | Not applicable |
| Amazon Lex | Applicable |
| Amazon CloudWatch Logs | Applicable |
| AWS Elemental MediaTailor | Applicable |
| AWS Elemental MediaConnect | Applicable |
| AWS Elemental MediaConvert | Applicable |
| AWS Elemental MediaPackage Live | Applicable |
| AWS Elemental MediaPackage Video on Demand | Applicable |
| Amazon MQ | Applicable |
| Amazon VPC NAT Gateways | Not applicable |
| Amazon Neptune | Applicable |
| AWS OpsWorks | Applicable |
| Amazon Polly | Applicable |
| Amazon QLDB | Applicable |
| Amazon RDS | Not applicable |
| Amazon Redshift | Not applicable |
| Amazon Rekognition | Applicable |
| AWS RoboMaker | Applicable |
| Amazon Route 53 | Applicable |
| Amazon Route 53 Resolver | Applicable |
| Amazon S3 | Not applicable |
| Amazon SageMaker Batch Transform Jobs | Not applicable |
| Amazon SageMaker Endpoints | Not applicable |
| Amazon SageMaker Endpoint Instances | Not applicable |
| Amazon SageMaker Ground Truth | Not applicable |
| Amazon SageMaker Processing Jobs | Not applicable |
| Amazon SageMaker Training Jobs | Not applicable |
| AWS Service Catalog | Applicable |
| Amazon Simple Email Service (SES) | Not applicable |
| Amazon Simple Notification Service (SNS) | Not applicable |
| Amazon Simple Queue Service (SQS) | Not applicable |
| AWS Systems Manager - Run Command | Applicable |
| AWS Step Functions | Applicable |
| AWS Storage Gateway | Applicable |
| Amazon SWF | Applicable |
| Amazon Textract | Applicable |
| AWS Transfer Family | Applicable |
| AWS Transit Gateway | Applicable |
| Amazon Translate | Applicable |
| AWS Trusted Advisor | Applicable |
| AWS API Usage | Applicable |
| AWS Site-to-Site VPN | Applicable |
| AWS WAF Classic | Applicable |
| AWS WAF | Applicable |
| Amazon WorkMail | Applicable |
| Amazon WorkSpaces | Applicable |

Available metrics¶
| Name | Description | Unit | Statistics | Dimensions | Recommended |
|---|---|---|---|---|---|
| ApplicationLatencyP10 | The average amount of time, in seconds, it takes to complete the fastest 10% of requests (instance and environment) | Seconds | Multi | EnvironmentName, InstanceId | |
| ApplicationLatencyP10 | Seconds | Multi | EnvironmentName | ||
| ApplicationLatencyP50 | The average amount of time, in seconds, it takes to complete the fastest 50% of requests (instance and environment) | Seconds | Multi | EnvironmentName, InstanceId | |
| ApplicationLatencyP50 | Seconds | Multi | EnvironmentName | ||
| ApplicationLatencyP75 | The average amount of time, in seconds, it takes to complete the fastest 75% of requests (instance and environment) | Seconds | Multi | EnvironmentName, InstanceId | |
| ApplicationLatencyP75 | Seconds | Multi | EnvironmentName | ||
| ApplicationLatencyP85 | The average amount of time, in seconds, it takes to complete the fastest 85% of requests (instance and environment) | Seconds | Multi | EnvironmentName, InstanceId | |
| ApplicationLatencyP85 | Seconds | Multi | EnvironmentName | ||
| ApplicationLatencyP90 | The average amount of time, in seconds, it takes to complete the fastest 90% of requests (instance and environment) | Seconds | Multi | EnvironmentName, InstanceId | |
| ApplicationLatencyP90 | Seconds | Multi | EnvironmentName | Applicable | |
| ApplicationLatencyP95 | The average amount of time, in seconds, it takes to complete the fastest 95% of requests (instance and environment) | Seconds | Multi | EnvironmentName, InstanceId | |
| ApplicationLatencyP95 | Seconds | Multi | EnvironmentName | ||
| ApplicationLatencyP99 | The average amount of time, in seconds, it takes to complete the fastest 99% of requests (instance and environment) | Seconds | Multi | EnvironmentName, InstanceId | |
| ApplicationLatencyP99 | Seconds | Multi | EnvironmentName | ||
| ApplicationLatencyP99.9 | The average amount of time, in seconds, it takes to complete the fastest 99.9% of requests (instance and environment) | Seconds | Multi | EnvironmentName, InstanceId | |
| ApplicationLatencyP99.9 | Seconds | Multi | EnvironmentName | ||
| ApplicationRequestsTotal | The total number of requests completed by the instance or environment | Count | Sum | EnvironmentName, InstanceId | |
| ApplicationRequestsTotal | Count | Sum | EnvironmentName | Applicable | |
| ApplicationRequests2xx | The number of requests that completed with a 2XX status code (instance and environment) |
Count | Sum | EnvironmentName, InstanceId | |
| ApplicationRequests2xx | Count | Sum | EnvironmentName | ||
| ApplicationRequests3xx | The number of requests that completed with a 3XX status code (instance and environment) |
Count | Sum | EnvironmentName, InstanceId | |
| ApplicationRequests3xx | Count | Sum | EnvironmentName | ||
| ApplicationRequests4xx | The number of requests that completed with a 4XX status code (instance and environment) |
Count | Sum | EnvironmentName, InstanceId | |
| ApplicationRequests4xx | Count | Sum | EnvironmentName | Applicable | |
| ApplicationRequests5xx | The number of requests that completed with a 5XX status code (instance and environment) |
Count | Sum | EnvironmentName, InstanceId | |
| ApplicationRequests5xx | Count | Sum | EnvironmentName | Applicable | |
| CPUIdle | The percentage of time the CPU was in idle state in the last minute (instance only) | Percent | Multi | EnvironmentName, InstanceId | |
| CPUIowait | The percentage of time the CPU was in iowait state in the last minute (instance only) |
Percent | Multi | EnvironmentName, InstanceId | |
| CPUIrq | The percentage of time the CPU was in irq state in the last minute (instance only) |
Percent | Multi | EnvironmentName, InstanceId | |
| CPUNice | The percentage of time the CPU was in nice state in the last minute (instance only) |
Percent | Multi | EnvironmentName, InstanceId | |
| CPUPrivileged | The percentage of time the CPU was in privileged state in the last minute (instance only) |
Percent | Multi | EnvironmentName, InstanceId | |
| CPUSoftirq | The percentage of time the CPU was in softirq state in the last minute (instance only) |
Percent | Multi | EnvironmentName, InstanceId | |
| CPUSystem | The percentage of time the CPU was in system state in the last minute (instance only) |
Percent | Multi | EnvironmentName, InstanceId | |
| CPUUser | The percentage of time the CPU was in user state in the last minute (instance only) |
Percent | Multi | EnvironmentName, InstanceId | |
| EnvironmentHealth | The current health status of the environment, with seven possible values: 0 - OK, 1 - Info, 5 - Unknown, 10 - No data, 15 - Warning, 20 - Degraded, and 25 - Severe |
None | Multi | EnvironmentName | Applicable |
| InstanceHealth | The current health status of the instance, with seven possible values: 0 - OK, 1 - Info, 5 - Unknown, 10 - No data, 15 - Warning, 20 - Degraded, and 25 - Severe |
None | Multi | EnvironmentName, InstanceId | Applicable |
| InstancesDegraded | The number of instances in the environment with degraded health status (environment only) |
Count | Multi | EnvironmentName | |
| InstancesInfo | The number of instances in the environment with info health status (environment only) |
Count | Multi | EnvironmentName | |
| InstancesNoData | The number of instances for which no data is being received (environment only) | Count | Multi | EnvironmentName | |
| InstancesOk | The number of instances in the environment with OK health status (environment only) |
Count | Multi | EnvironmentName | |
| InstancesPending | The number of instances in the environment with pending health status (environment only) |
Count | Multi | EnvironmentName | |
| InstancesSevere | The number of instances in the environment with severe health status (environment only) |
Count | Multi | EnvironmentName | |
| InstancesUnknown | The number of instances in the environment with unknown health status (environment only) |
Count | Multi | EnvironmentName | |
| InstancesWarning | The number of instances in the environment with warning health status (environment only) |
Count | Multi | EnvironmentName | |
| LoadAverage1min | The average CPU load of the instance over the last minute (instance only) | Percent | Multi | EnvironmentName, InstanceId | |
| LoadAverage5min | The average CPU load of the instance over the last five minutes (instance only) | Percent | Multi | EnvironmentName, InstanceId | |
| RootFilesystemUtil | The percentage of disk space that's in use (instance only) | Percent | Multi | EnvironmentName, InstanceId | |
| RootFilesystemUtil | Percent | Multi | EnvironmentName |
Source: default-aws-metrics.md¶
title: Classic (formerly 'built-in') AWS metrics source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/cloudwatch-metrics/default-aws-metrics scraped: 2026-02-18T05:48:20.741207
Classic (formerly 'built-in') AWS metrics¶
Classic (formerly 'built-in') AWS metrics¶
- Reference
- 1-min read
- Updated on Jan 29, 2024
For information about differences between classic services and other services, see Migrate from AWS classic (formerly 'built-in') services to cloud services.
The table below lists all AWS metrics that Dynatrace collects by default when you enable AWS monitoring.
For all other metrics collected by Dynatrace per configurable AWS service, see the cloud services pages.
| Metric key | Name | Unit | Aggregations |
|---|---|---|---|
| builtin:cloud.aws.alb.connections.active | ALB number of active connections | Count | autoavgmaxmin |
| builtin:cloud.aws.alb.connections.new | ALB number of new connections | Count | autovalue |
| builtin:cloud.aws.alb.errors.alb.http4xx | ALB number of 4XX errors | Count | autovalue |
| builtin:cloud.aws.alb.errors.alb.http5xx | ALB number of 5XX errors | Count | autovalue |
| builtin:cloud.aws.alb.errors.target.http4xx | ALB number of 4XX target errors | Count | autovalue |
| builtin:cloud.aws.alb.errors.target.http5xx | ALB number of 5XX target errors | Count | autovalue |
| builtin:cloud.aws.alb.errors.rejCon | ALB number of rejected connections | Count | autovalue |
| builtin:cloud.aws.alb.errors.targConn | ALB number of target connection errors | Count | autovalue |
| builtin:cloud.aws.alb.errors.tlsNeg | ALB number of client TLS negotiation errors | Count | autovalue |
| builtin:cloud.aws.alb.bytes | ALB number of processed bytes | Count | autovalue |
| builtin:cloud.aws.alb.lcus | ALB number of consumed LCUs | Count | autovalue |
| builtin:cloud.aws.alb.requests | ALB number of requests | Count | autovalue |
| builtin:cloud.aws.alb.respTime | ALB target response time | Second | autoavgmaxmin |
| builtin:cloud.aws.asg.running | Number of running EC2 instances (ASG) | Count | autoavgmaxmin |
| builtin:cloud.aws.asg.stopped | Number of stopped EC2 instances (ASG) | Count | autoavgmaxmin |
| builtin:cloud.aws.asg.terminated | Number of terminated EC2 instances (ASG) | Count | autoavgmaxmin |
| builtin:cloud.aws.az.running | Number of running EC2 instances (AZ) | Count | autoavgmaxmin |
| builtin:cloud.aws.az.stopped | Number of stopped EC2 instances (AZ) | Count | autoavgmaxmin |
| builtin:cloud.aws.az.terminated | Number of terminated EC2 instances (AZ) | Count | autoavgmaxmin |
| builtin:cloud.aws.dynamo.capacityUnits.consumed.read | DynamoDB read capacity units | Count | autovalue |
| builtin:cloud.aws.dynamo.capacityUnits.consumed.write | DynamoDB write capacity units | Count | autovalue |
| builtin:cloud.aws.dynamo.capacityUnits.provisioned.read | DynamoDB provisioned read capacity units | Count | autovalue |
| builtin:cloud.aws.dynamo.capacityUnits.provisioned.write | DynamoDB provisioned write capacity units | Count | autovalue |
| builtin:cloud.aws.dynamo.capacityUnits.read | DynamoDB read capacity units % | Percent (%) | autoavgmaxmin |
| builtin:cloud.aws.dynamo.capacityUnits.write | DynamoDB write capacity units % | Percent (%) | autoavgmaxmin |
| builtin:cloud.aws.dynamo.errors.system | DynamoDB number of requests with HTTP 500 status code | Count | autovalue |
| builtin:cloud.aws.dynamo.errors.user | DynamoDB number of requests with HTTP 400 status code | Count | autovalue |
| builtin:cloud.aws.dynamo.requests.latency | DynamoDB number of successful request latency for operation | Millisecond | autoavgmaxmin |
| builtin:cloud.aws.dynamo.requests.returnedItems | DynamoDB number of items returned by operation | Count | autovalue |
| builtin:cloud.aws.dynamo.requests.throttled | DynamoDB number of throttled requests for operation | Count | autovalue |
| builtin:cloud.aws.dynamo.throttledEvents.read | DynamoDB number of read throttled events | Count | autovalue |
| builtin:cloud.aws.dynamo.throttledEvents.write | DynamoDB number of write throttled events | Count | autovalue |
| builtin:cloud.aws.dynamo.tables | Number of tables for AvailabilityZone | Count | autoavgmaxmin |
| builtin:cloud.aws.ebs.latency.read | EBS volume read latency | Second | autoavgmaxmin |
| builtin:cloud.aws.ebs.latency.write | EBS volume write latency | Second | autoavgmaxmin |
| builtin:cloud.aws.ebs.ops.consumed | EBS volume consumed OPS | Per second | autovalue |
| builtin:cloud.aws.ebs.ops.read | EBS volume read OPS | Per second | autoavgmaxmin |
| builtin:cloud.aws.ebs.ops.write | EBS volume write OPS | Per second | autoavgmaxmin |
| builtin:cloud.aws.ebs.throughput.percent | EBS volume throughput % | Percent (%) | autoavgmaxmin |
| builtin:cloud.aws.ebs.throughput.read | EBS volume read throughput | Per second | autoavgmaxmin |
| builtin:cloud.aws.ebs.throughput.write | EBS volume write throughput | Per second | autoavgmaxmin |
| builtin:cloud.aws.ebs.idleTime | EBS volume idle time % | Percent (%) | autoavgmaxmin |
| builtin:cloud.aws.ebs.queue | EBS volume queue length | Count | autoavgmaxmin |
| builtin:cloud.aws.ec2.cpu.usage | EC2 CPU usage % | Percent (%) | autoavgmaxmin |
| builtin:cloud.aws.ec2.disk.readOps | EC2 instance storage read IOPS | Per second | autoavgmaxmin |
| builtin:cloud.aws.ec2.disk.readRate | EC2 instance storage read rate | kB/s | autoavgmaxmin |
| builtin:cloud.aws.ec2.disk.writeOps | EC2 instance storage write IOPS | Per second | autoavgmaxmin |
| builtin:cloud.aws.ec2.disk.writeRate | EC2 instance storage write rate | kB/s | autoavgmaxmin |
| builtin:cloud.aws.ec2.net.rx | EC2 network data received rate | Byte/second | autoavgmaxmin |
| builtin:cloud.aws.ec2.net.tx | EC2 network data transmitted rate | Byte/second | autoavgmaxmin |
| builtin:cloud.aws.elb.errors.backend.connection | CLB backend connection errors | Count | autovalue |
| builtin:cloud.aws.elb.errors.backend.http2xx | CLB number of backend 2XX errors | Count | autovalue |
| builtin:cloud.aws.elb.errors.backend.http3xx | CLB number of backend 3XX errors | Count | autovalue |
| builtin:cloud.aws.elb.errors.backend.http4xx | CLB number of backend 4XX errors | Count | autovalue |
| builtin:cloud.aws.elb.errors.backend.http5xx | CLB number of backend 5XX errors | Count | autovalue |
| builtin:cloud.aws.elb.errors.elb.http4xx | CLB number of 4XX errors | Count | autovalue |
| builtin:cloud.aws.elb.errors.elb.http5xx | CLB number of 5XX errors | Count | autovalue |
| builtin:cloud.aws.elb.errors.frontend | CLB frontend errors percentage | Percent (%) | autoavgmaxmin |
| builtin:cloud.aws.elb.hosts.healthy | CLB number of healthy hosts | Count | autoavgmaxmin |
| builtin:cloud.aws.elb.hosts.unhealthy | CLB number of unhealthy hosts | Count | autoavgmaxmin |
| builtin:cloud.aws.elb.latency | CLB latency | Second | autoavgmaxmin |
| builtin:cloud.aws.elb.reqCompl | CLB number of completed requests | Count | autovalue |
| builtin:cloud.aws.lambda.concExecutions | LambdaFunction concurrent executions count | Count | autoavgcountmaxminsum |
| builtin:cloud.aws.lambda.duration | LambdaFunction code execution time. | Millisecond | autoavgcountmaxminsum |
| builtin:cloud.aws.lambda.errors | LambdaFunction number of failed invocations with HTTP 4XX status code | Count | autovalue |
| builtin:cloud.aws.lambda.errorsRate | LambdaFunction rate of failed invocations to all invocations % | Percent (%) | autoavgmaxmin |
| builtin:cloud.aws.lambda.invocations | LambdaFunction number of times a function is invoked | Count | autovalue |
| builtin:cloud.aws.lambda.provConcExecutions | LambdaFunction provisioned concurrent executions count | Count | autovalue |
| builtin:cloud.aws.lambda.provConcInvocations | LambdaFunction provisioned concurrency invocation count | Count | autovalue |
| builtin:cloud.aws.lambda.provConcSpilloverInvocations | LambdaFunction provisioned concurrency spillover invocation count | Count | autovalue |
| builtin:cloud.aws.lambda.throttlers | LambdaFunction throttled function invocation count | Count | autovalue |
| builtin:cloud.aws.nlb.flow.active | NLB number of active flows | Count | autoavgmaxmin |
| builtin:cloud.aws.nlb.flow.new | NLB number of new flows | Count | autovalue |
| builtin:cloud.aws.nlb.tcp.reset.client | NLB number of client resets | Count | autovalue |
| builtin:cloud.aws.nlb.tcp.reset.elb | NLB number of resets | Count | autovalue |
| builtin:cloud.aws.nlb.tcp.reset.target | NLB number of target resets | Count | autovalue |
| builtin:cloud.aws.nlb.bytes | NLB number of processed bytes | Count | autovalue |
| builtin:cloud.aws.nlb.lcus | NLB number of consumed LCUs | Count | autovalue |
| builtin:cloud.aws.rds.cpu.usage | RDS CPU usage % | Percent (%) | autoavgmaxmin |
| builtin:cloud.aws.rds.latency.read | RDS read latency | Second | autoavgmaxmin |
| builtin:cloud.aws.rds.latency.write | RDS write latency | Second | autoavgmaxmin |
| builtin:cloud.aws.rds.memory.freeable | RDS freeable memory | Byte | autoavgmaxmin |
| builtin:cloud.aws.rds.memory.swap | RDS swap usage | Byte | autoavgmaxmin |
| builtin:cloud.aws.rds.net.rx | RDS network received throughput | Byte/second | autoavgmaxmin |
| builtin:cloud.aws.rds.net.tx | RDS network transmitted throughput | Byte/second | autoavgmaxmin |
| builtin:cloud.aws.rds.ops.read | RDS read IOPS | Per second | autoavgmaxmin |
| builtin:cloud.aws.rds.ops.write | RDS write IOPS | Per second | autoavgmaxmin |
| builtin:cloud.aws.rds.throughput.read | RDS read throughput | Byte/second | autoavgmaxmin |
| builtin:cloud.aws.rds.throughput.write | RDS write throughput | Byte/second | autoavgmaxmin |
| builtin:cloud.aws.rds.connections | RDS connections | Count | autoavgmaxmin |
| builtin:cloud.aws.rds.free | RDS free storage space % | Percent (%) | autoavgmaxmin |
| builtin:cloud.aws.rds.restarts | RDS restarts | Count | autovalue |
Source: tags-and-management-zones-aws.md¶
title: Tags and management zones for AWS integration source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/cloudwatch-metrics/tags-and-management-zones-aws scraped: 2026-02-17T05:04:07.494866
Tags and management zones for AWS integration¶
Tags and management zones for AWS integration¶
- How-to guide
- 4-min read
- Updated on Feb 20, 2024
To organize cloud entities in your environment and simplify searches for them, you can use tags and basic instance properties imported from the cloud, as well as tags and management zones assigned in Dynatrace. Tags and management zones are applied to cloud entities just as they are for other entities, but they are best applied via the entity selector.
Cloud entities in your environment¶
You can browse all cloud entites in your environment using their ID or type from cloud entity types via the entity selector, just as for other entities. You can also explore all available properties and relationships available for each individual resource or type.
You can also browse their metrics using entity selector as part of metric selector, e.g. in Data Explorer.
Cloud entity types
To learn more about Dynatrace cloud entities and to check which ones can have tags imported from the cloud, see Cloud services with their respective Dynatrace entity types.
Add an automatically applied tag to cloud entities¶
Follow the steps below to automatically apply a tag to cloud entities. To learn more about tags, see Define and apply tags.
- Go to Settings > Tags > Automatically applied tags.
- Select Create tag and type a name for the new tag in the Tag name field.
- Select Add a new rule.
- Optional Optional tag value. This value appears next to the tag name that the rule is specified for, after a
:, and is used to provide more precise information based on the individual rule. Note that for rules based on the entity selector, this value cannot be extracted from the entity itself using placeholders. - From the Rule type list, choose the Entity selector type.
- Use one of the code snippets from the examples and adapt it with your own values to apply tags to cloud entities matching your entity selector.
- Select Preview to verify the results returned by the specific entity selector.
- Select Save changes.
Example of a rule-based entity selector

Add cloud entities to existing management zones¶
Follow the steps below to add cloud entities to existing management zones. To learn more about management zones, see Set up management zones.
- Go to Settings > Preferences > Management zones.
- Edit an existing management zone and select Add a new rule.
- In the Rule applies to list, choose the Entity selector.
- Use one of the code snippets from the examples and adapt it with your own values to add to the management zone cloud entities matching the entity selector.
- Select Preview to verify the results returned by the specific entity selector.
- Select Save changes.
Example of a management zone based on the entity selector

Entity selector examples for AWS entities¶
You can use the examples below and cloud entity types to suit your own needs.
Regions and zones
AWS account
Tags
Other properties
Non-built-in cloud services types
Non-built-in cloud service - specific service type: Lambda
Lambda (built-in) in region
type(AWS_LAMBDA_FUNCTION),toRelationships.isSiteOf(type(AWS_AVAILABILITY_ZONE),regionName("us-east-1"))
Lambda (built-in) in availability zones
type(AWS_LAMBDA_FUNCTION),toRelationships.isSiteOf(type(AWS_AVAILABILITY_ZONE),entityName("us-east-1a"))
type(EC2_INSTANCE),fromRelationships.isAccessibleBy(type(AWS_CREDENTIALS),awsAccountId("908070605040"))
Non-built-in cloud services
Non-built-in cloud service - specific service type
Built-in cloud services
Non-built-in cloud services
Non-built-in cloud service - specific service type
Built-in cloud services
type("RELATIONAL_DATABASE_SERVICE"),arn("arn:aws:rds:us-east-1:908070605040:db:database-1-instance-1")
EC2
Lambda
Services
Process groups and hosts
type(EC2_INSTANCE),fromRelationships.isAccessibleBy(type(AWS_CREDENTIALS),awsAccountId("908070605040"))
EC2s with OneAgent installed
EC2s without OneAgent installed
Lambda properties
Lambda (built-in) in region
type(AWS_LAMBDA_FUNCTION),toRelationships.isSiteOf(type(AWS_AVAILABILITY_ZONE),regionName("us-east-1"))
Lambda (built-in) in availability zones
type(AWS_LAMBDA_FUNCTION),toRelationships.isSiteOf(type(AWS_AVAILABILITY_ZONE),entityName("us-east-1a"))
Lambdas with OneAgent installed
Lambdas without OneAgent installed
Lambda (built-in) with OneAgent installed
Lambdas (built-in) without OneAgent installed
Services also monitored by AWS integration
EC2
type(SERVICE),fromRelationships.runsOnHost(type(HOST),fromRelationships.runsOn(type(EC2_INSTANCE),fromRelationships.isAccessibleBy(type(AWS_CREDENTIALS),awsAccountId("908070605040"))))
Lambda
type(SERVICE),fromRelationships.runsOn(type(cloud:aws:lambda),fromRelationships.isAccessibleBy(type(AWS_CREDENTIALS)))
Lambda (built-in)
type(SERVICE),fromRelationships.runsOn(type(AWS_LAMBDA_FUNCTION),fromRelationships.isAccessibleBy(type(AWS_CREDENTIALS)))
type(SERVICE),fromRelationships.runsOn(type(AWS_LAMBDA_FUNCTION), entityId("AWS_LAMBDA_FUNCTION-60AAABCDF1234B3A"))
Process groups and hosts also monitored by AWS integration
type(HOST),fromRelationships.runsOn(type(EC2_INSTANCE),fromRelationships.isAccessibleBy(type(AWS_CREDENTIALS),awsAccountId("908070605040")))
type(PROCESS_GROUP_INSTANCE),fromRelationships.isProcessOf(type(HOST),fromRelationships.runsOn(type(EC2_INSTANCE),fromRelationships.isAccessibleBy(type(AWS_CREDENTIALS),awsAccountId("908070605040"))))
type(PROCESS_GROUP),fromRelationships.runsOn(type(HOST),fromRelationships.runsOn(type(EC2_INSTANCE),fromRelationships.isAccessibleBy(type(AWS_CREDENTIALS),awsAccountId("908070605040"))))
Related topics¶
- Management zones
- Queue tags and management zones
- Set up management zones
- Define and apply tags
- Infrastructure Observability
Source: cloudwatch-metrics.md¶
title: Monitor Amazon Web Services with CloudWatch metrics source: https://www.dynatrace.com/docs/ingest-from/amazon-web-services/integrate-with-aws/cloudwatch-metrics scraped: 2026-02-18T05:55:34.816706
Monitor Amazon Web Services with CloudWatch metrics¶
Monitor Amazon Web Services with CloudWatch metrics¶
- How-to guide
- 23-min read
- Updated on Feb 05, 2026
Follow this guide to start ingesting data remotely from Amazon CloudWatch.
Its main focus is on infrastructure monitoring of AWS services: Dynatrace monitoring AWS services via CloudWatch.
See What's next? for Full-Stack and Log Monitoring of your AWS services.
After you have established the initial monitoring, you can add, remove, or modify service monitoring using the Dynatrace web UI, at scale, or using the Dynatrace API.
Details of collected measurements
To learn the measurements collected for each of the AWS services, see:
- AWS cloud services enabled by default and metrics metrics Dynatrace collects by default for AWS monitoring.")
- AWS cloud services
The Amazon Web Services infrastructure monitoring provides metrics from CloudWatch, infrastructure data available via public AWS API, and specific events. The data is collected in five-minute intervals.
Cost of monitoring¶
- Each service monitored by Dynatrace through CloudWatch, as well as log processing and analysis, consumes DDUs.
- Amazon may charge you extra for CloudWatch metric queries. For details on these additional costs, please consult Amazon CloudWatch pricing online documentation.
Monitoring prerequisites¶
There are three prerequisites for the AWS monitoring setup:
- Dynatrace admin permissions
To manage AWS monitoring configuration, you need permissions to read and modify the builtin:cloud.aws schema.
- Both
settings:objects:readandsettings:objects:writeare required. - They are included in the Change monitoring settings permissions.
- Read-only access is not supported.
See Manage user permissions with roles for details on how to manage and set permissions.
- Allow ActiveGate to access URLs
To monitor Amazon Web Services, Dynatrace needs to be able to connect to the Amazon CloudWatch API and query it periodically. At least one ActiveGate needs to be able to connect to Amazon CloudWatch to perform the monitoring tasks. Your ActiveGate needs to be deployed on an EC2 instance and be able to connect to the endpoints listed below.
From Dynatrace version 1.267+, only role-based access can be used. Key-based authorization is no longer available for new credentials. For existing key-based credentials, you can keep using keys indefinitely. We recommend switching to role-based authentication using the dedicated button on the configuration page. Dynatrace automatically checks the configuration to ensure the correct configuration of roles.
Key-based authentication is allowed only for AWS GovCloud and China partitions.
An ActiveGate capable of monitoring your AWS account for classic (built-in) supported services is already provided and available within the Dynatrace AWS account.
However, to monitor specific non-default AWS cloud services or if your AWS account exceeds 2,000 AWS resources, you must install and configure an Environment ActiveGate. Follow the ActiveGate installation guide and resume this guide when done.
You must install and configure an Environment ActiveGate if you want to monitor either or both of the following:
- More than 2,000 AWS resources (AWS service instances)
- Non-default AWS Cloud services
Allow ActiveGate to access AWS URLs¶
The integration accesses the following AWS API endpoints, so they must be accessible from your ActiveGate:
- AWS Security Token Service (AWS STS)
AWS STS global endpoint is not supported. Make sure that sts.<REGION>.amazonaws.com is accessible for the regions you want to monitor.
See AWS STS Regionalized endpoints for more details.
- AWS Resource Groups Tagging
Other endpoints may be required depending on the services you need to monitor.
Consult the tables below for endpoints specific to each service you might want to monitor and for AWS Regions supported by Dynatrace AWS Monitoring.
AWS endpoints that need to be reachable from ActiveGate with corresponding AWS services¶
| Endpoint | Service |
|---|---|
autoscaling.<REGION>.amazonaws.com |
Amazon EC2 Auto Scaling (built-in), Amazon EC2 Auto Scaling |
lambda.<REGION>.amazonaws.com |
AWS Lambda (built-in), AWS Lambda |
elasticloadbalancing.<REGION>.amazonaws.com |
Amazon Application and Network Load Balancer (built-in), Amazon Elastic Load Balancer (ELB) (built-in) |
dynamodb.<REGION>.amazonaws.com |
Amazon DynamoDB (built-in), Amazon DynamoDB |
ec2.<REGION>.amazonaws.com |
Amazon EBS (built-in), Amazon EC2 (built-in), Amazon EBS, Amazon EC2 Spot Fleet, Amazon VPC NAT Gateways, AWS Transit Gateway, AWS Site-to-Site VPN |
rds.<REGION>.amazonaws.com |
Amazon RDS (built-in), Amazon Aurora, Amazon DocumentDB, Amazon Neptune, Amazon RDS |
s3.<REGION>.amazonaws.com |
Amazon S3 (built-in) |
acm-pca.<REGION>.amazonaws.com |
AWS Certificate Manager Private Certificate Authority |
apigateway.<REGION>.amazonaws.com |
Amazon API Gateway |
apprunner.<REGION>.amazonaws.com |
AWS App Runner |
appstream2.<REGION>.amazonaws.com |
Amazon AppStream |
appsync.<REGION>.amazonaws.com |
AWS AppSync |
athena.<REGION>.amazonaws.com |
Amazon Athena |
cloudfront.amazonaws.com |
Amazon CloudFront |
cloudhsmv2.<REGION>.amazonaws.com |
AWS CloudHSM |
cloudsearch.<REGION>.amazonaws.com |
Amazon CloudSearch |
codebuild.<REGION>.amazonaws.com |
AWS CodeBuild |
datasync.<REGION>.amazonaws.com |
AWS DataSync |
dax.<REGION>.amazonaws.com |
Amazon DynamoDB Accelerator (DAX) |
dms.<REGION>.amazonaws.com |
AWS Database Migration Service (AWS DMS) |
directconnect.<REGION>.amazonaws.com |
AWS Direct Connect |
ecs.<REGION>.amazonaws.com |
Amazon Elastic Container Service (ECS), Amazon ECS Container Insights |
elasticfilesystem.<REGION>.amazonaws.com |
Amazon Elastic File System (EFS) |
eks.<REGION>.amazonaws.com |
Amazon Elastic Kubernetes Service (EKS) |
elasticache.<REGION>.amazonaws.com |
Amazon ElastiCache (EC) |
elasticbeanstalk.<REGION>.amazonaws.com |
AWS Elastic Beanstalk |
elastictranscoder.<REGION>.amazonaws.com |
Amazon Elastic Transcoder |
es.<REGION>.amazonaws.com |
Amazon Elasticsearch Service (ES) |
events.<REGION>.amazonaws.com |
Amazon EventBridge |
fsx.<REGION>.amazonaws.com |
Amazon FSx |
gamelift.<REGION>.amazonaws.com |
Amazon GameLift |
glue.<REGION>.amazonaws.com |
AWS Glue |
inspector.<REGION>.amazonaws.com |
Amazon Inspector |
kafka.<REGION>.amazonaws.com |
Amazon Managed Streaming for Kafka |
models.lex.<REGION>.amazonaws.com |
Amazon Lex |
logs.<REGION>.amazonaws.com |
Amazon CloudWatch Logs |
api.mediatailor.<REGION>.amazonaws.com |
AWS Elemental MediaTailor |
mediaconnect.<REGION>.amazonaws.com |
AWS Elemental MediaConnect |
mediapackage.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Live |
mediapackage-vod.<REGION>.amazonaws.com |
AWS Elemental MediaPackage Video on Demand |
opsworks.<REGION>.amazonaws.com |
AWS OpsWorks |
qldb.<REGION>.amazonaws.com |
Amazon QLDB |
redshift.<REGION>.amazonaws.com |
Amazon Redshift |
robomaker.<REGION>.amazonaws.com |
AWS RoboMaker |
route53.amazonaws.com |
Amazon Route 53 |
route53resolver.<REGION>.amazonaws.com |
Amazon Route 53 Resolver |
api.sagemaker.<REGION>.amazonaws.com |
Amazon SageMaker Endpoints, Amazon SageMaker Endpoint Instances |
sns.<REGION>.amazonaws.com |
Amazon Simple Notification Service (SNS) |
sqs.<REGION>.amazonaws.com |
Amazon Simple Queue Service (SQS) |
storagegateway.<REGION>.amazonaws.com |
AWS Storage Gateway |
swf.<REGION>.amazonaws.com |
Amazon SWF |
transfer.<REGION>.amazonaws.com |
AWS Transfer Family |
workmail.<REGION>.amazonaws.com |
Amazon WorkMail |
workspaces.<REGION>.amazonaws.com |
Amazon WorkSpaces |
AWS Regions supported by Dynatrace AWS Monitoring¶
us-gov-west-1: AWS GovCloud (US)us-gov-east-1: AWS GovCloud (US-East)us-east-1: US East (N. Virginia)us-east-2: US East (Ohio)us-west-1: US West (N. California)us-west-2: US West (Oregon)eu-west-1: EU (Ireland)eu-west-2: EU (London)eu-west-3: EU (Paris)eu-central-1: EU (Frankfurt)eu-central-2: EU (Zurich)eu-north-1: EU (Stockholm)eu-south-1: EU (Milan)eu-south-2: EU (Spain)ap-east-1: Asia Pacific (Hong Kong)ap-east-2: Asia Pacific (Taipei)ap-south-1: Asia Pacific (Mumbai)ap-south-2: Asia Pacific (Hyderabad)ap-southeast-1: Asia Pacific (Singapore)ap-southeast-2: Asia Pacific (Sydney)ap-southeast-3: Asia Pacific (Jakarta)ap-southeast-4: Asia Pacific (Melbourne)ap-southeast-5: Asia Pacific (Malaysia)ap-southeast-6: Asia Pacific (New Zealand)ap-southeast-7: Asia Pacific (Thailand)ap-northeast-1: Asia Pacific (Tokyo)ap-northeast-2: Asia Pacific (Seoul)ap-northeast-3: Asia Pacific (Osaka)sa-east-1: South America (Sao Paulo)cn-north-1: China (Beijing)cn-northwest-1: China (Ningxia)ca-central-1: Canada (Central)ca-west-1: Canada West (Calgary)il-central-1: Israel (Tel Aviv)me-central-1: Middle East (UAE)me-south-1: Middle East (Bahrain)mx-central-1: Mexico (Central)af-south-1: Africa (Cape Town)us-iso-east-1: US ISO Eastus-isob-east-1: US ISOB East (Ohio)us-iso-west-1: US ISO West
Proxy
The most frequent cause of certificate issues with the TLS interception proxy is a missing proxy's CA certificate in the ActiveGate truststore.
If you're still having proxy issues, see:
"Communication error."
Make sure that the URLs are whitelisted. Otherwise, you might get communication or timeout errors.
- AWS monitoring policy and role-based authentication
To perform these steps, you need to have AWS admin privileges.
The AWS monitoring policy defines the minimal scope of permissions you need to give to Dynatrace to monitor the services running in your AWS account. Create it once and use it any time when enabling Dynatrace access to your AWS account. If you don't want to add permissions to all services, and just select permissions for certain services, consult the table below. The table contains a set of permissions that are required for all AWS cloud services, a list of optional permissions specific to that service.
Permissions required for AWS monitoring integration:
"cloudwatch:GetMetricData""cloudwatch:GetMetricStatistics""cloudwatch:ListMetrics""sts:GetCallerIdentity""tag:GetResources""tag:GetTagKeys""ec2:DescribeAvailabilityZones"
Complete list of permissions for cloud services¶
| Name | Permissions |
|---|---|
| All monitored Amazon services Required | cloudwatch:GetMetricData, cloudwatch:GetMetricStatistics, cloudwatch:ListMetrics, sts:GetCallerIdentity, tag:GetResources, tag:GetTagKeys, ec2:DescribeAvailabilityZones |
| AWS Certificate Manager Private Certificate Authority | acm-pca:ListCertificateAuthorities |
| Amazon MQ | |
| Amazon API Gateway | apigateway:GET |
| AWS App Runner | apprunner:ListServices |
| Amazon AppStream | appstream:DescribeFleets |
| AWS AppSync | appsync:ListGraphqlApis |
| Amazon Athena | athena:ListWorkGroups |
| Amazon Aurora | rds:DescribeDBClusters |
| Amazon EC2 Auto Scaling | autoscaling:DescribeAutoScalingGroups |
| Amazon EC2 Auto Scaling (built-in) | autoscaling:DescribeAutoScalingGroups |
| AWS Billing | |
| Amazon Keyspaces | |
| AWS Chatbot | |
| Amazon CloudFront | cloudfront:ListDistributions |
| AWS CloudHSM | cloudhsm:DescribeClusters |
| Amazon CloudSearch | cloudsearch:DescribeDomains |
| AWS CodeBuild | codebuild:ListProjects |
| Amazon Cognito | |
| Amazon Connect | |
| Amazon Elastic Kubernetes Service (EKS) | eks:ListClusters |
| AWS DataSync | datasync:ListTasks |
| Amazon DynamoDB Accelerator (DAX) | dax:DescribeClusters |
| AWS Database Migration Service (AWS DMS) | dms:DescribeReplicationInstances |
| Amazon DocumentDB | rds:DescribeDBClusters |
| AWS Direct Connect | directconnect:DescribeConnections |
| Amazon DynamoDB | dynamodb:ListTables |
| Amazon DynamoDB (built-in) | dynamodb:ListTables, dynamodb:ListTagsOfResource |
| Amazon EBS | ec2:DescribeVolumes |
| Amazon EBS (built-in) | ec2:DescribeVolumes |
| Amazon EC2 API | |
| Amazon EC2 (built-in) | ec2:DescribeInstances |
| Amazon EC2 Spot Fleet | ec2:DescribeSpotFleetRequests |
| Amazon Elastic Container Service (ECS) | ecs:ListClusters |
| Amazon ECS Container Insights | ecs:ListClusters |
| Amazon ElastiCache (EC) | elasticache:DescribeCacheClusters |
| AWS Elastic Beanstalk | elasticbeanstalk:DescribeEnvironments |
| Amazon Elastic File System (EFS) | elasticfilesystem:DescribeFileSystems |
| Amazon Elastic Inference | |
| Amazon Elastic Map Reduce (EMR) | elasticmapreduce:ListClusters |
| Amazon Elasticsearch Service (ES) | es:ListDomainNames |
| Amazon Elastic Transcoder | elastictranscoder:ListPipelines |
| Amazon Elastic Load Balancer (ELB) (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon EventBridge | events:ListEventBuses |
| Amazon FSx | fsx:DescribeFileSystems |
| Amazon GameLift | gamelift:ListFleets |
| AWS Glue | glue:GetJobs |
| Amazon Inspector | inspector:ListAssessmentTemplates |
| AWS Internet of Things (IoT) | |
| AWS IoT Analytics | |
| Amazon Managed Streaming for Kafka | kafka:ListClusters |
| Amazon Kinesis Data Analytics | kinesisanalytics:ListApplications |
| Amazon Data Firehose | firehose:ListDeliveryStreams |
| Amazon Kinesis Data Streams | kinesis:ListStreams |
| Amazon Kinesis Video Streams | kinesisvideo:ListStreams |
| AWS Lambda | lambda:ListFunctions |
| AWS Lambda (built-in) | lambda:ListFunctions, lambda:ListTags |
| Amazon Lex | lex:GetBots |
| Amazon Application and Network Load Balancer (built-in) | elasticloadbalancing:DescribeInstanceHealth, elasticloadbalancing:DescribeListeners, elasticloadbalancing:DescribeLoadBalancers, elasticloadbalancing:DescribeRules, elasticloadbalancing:DescribeTags, elasticloadbalancing:DescribeTargetHealth |
| Amazon CloudWatch Logs | logs:DescribeLogGroups |
| AWS Elemental MediaConnect | mediaconnect:ListFlows |
| AWS Elemental MediaConvert | mediaconvert:DescribeEndpoints |
| AWS Elemental MediaPackage Live | mediapackage:ListChannels |
| AWS Elemental MediaPackage Video on Demand | mediapackage-vod:ListPackagingConfigurations |
| AWS Elemental MediaTailor | mediatailor:ListPlaybackConfigurations |
| Amazon VPC NAT Gateways | ec2:DescribeNatGateways |
| Amazon Neptune | rds:DescribeDBClusters |
| AWS OpsWorks | opsworks:DescribeStacks |
| Amazon Polly | |
| Amazon QLDB | qldb:ListLedgers |
| Amazon RDS | rds:DescribeDBInstances |
| Amazon RDS (built-in) | rds:DescribeDBInstances, rds:DescribeEvents, rds:ListTagsForResource |
| Amazon Redshift | redshift:DescribeClusters |
| Amazon Rekognition | |
| AWS RoboMaker | robomaker:ListSimulationJobs |
| Amazon Route 53 | route53:ListHostedZones |
| Amazon Route 53 Resolver | route53resolver:ListResolverEndpoints |
| Amazon S3 | s3:ListAllMyBuckets |
| Amazon S3 (built-in) | s3:ListAllMyBuckets |
| Amazon SageMaker Batch Transform Jobs | |
| Amazon SageMaker Endpoint Instances | sagemaker:ListEndpoints |
| Amazon SageMaker Endpoints | sagemaker:ListEndpoints |
| Amazon SageMaker Ground Truth | |
| Amazon SageMaker Processing Jobs | |
| Amazon SageMaker Training Jobs | |
| AWS Service Catalog | |
| Amazon Simple Email Service (SES) | |
| Amazon Simple Notification Service (SNS) | sns:ListTopics |
| Amazon Simple Queue Service (SQS) | sqs:ListQueues |
| AWS Systems Manager - Run Command | |
| AWS Step Functions | |
| AWS Storage Gateway | storagegateway:ListGateways |
| Amazon SWF | swf:ListDomains |
| Amazon Textract | |
| AWS IoT Things Graph | |
| AWS Transfer Family | transfer:ListServers |
| AWS Transit Gateway | ec2:DescribeTransitGateways |
| Amazon Translate | |
| AWS Trusted Advisor | |
| AWS API Usage | |
| AWS Site-to-Site VPN | ec2:DescribeVpnConnections |
| AWS WAF Classic | |
| AWS WAF | |
| Amazon WorkMail | workmail:ListOrganizations |
| Amazon WorkSpaces | workspaces:DescribeWorkspaces |
To get the information required for comprehensive AWS cloud-computing monitoring, you have to authorize Dynatrace to access your Amazon metrics. Dynatrace will identify all the virtualized infrastructure components in your AWS environment and collect performance metrics related to those components.
Next, select the deployment model that best describes your environment and follow the procedure for that model.
Deployment with no ActiveGate
Deployment with existing ActiveGate
Dynatrace SaaS needs a role-based monitoring access to your AWS account.
You won't be able to monitor non-default AWS cloud services without an AWS-hosted Environment ActiveGate.
You will need:
- AWS account ID
- Rights to assign role-based access to your AWS account
-
External ID, which can be acquired as follows.
-
Go to Settings > Cloud and virtualization > AWS.
- Select Connect new Instance.
- Under Authentication method select Role-based authentication.
- Under Your Amazon account ID select Copy to copy the token (External ID).
To create role-based access
- Download a YAML file with CloudFormation template from cloud-snippets/role_based_access_no_AG_template.yml.
-
Create the stack in your Amazon Console:
-
In your Amazon Console, go to CloudFormation.
- Go to Stacks and create a new stack with new resources.
- Select Template is ready, upload the template you've created above, and select Next.
- In Parameters, enter the External ID.
- Enter a name for your stack and select Next twice.
- Review your configuration and accept the policy terms.
- Select Create stack.
Alternative: create stack via CLI
To create the stack using the CLI, run the command below, making sure to replace the parameter values with your actual values.
You also need to remove the angle brackets (< and >).
aws cloudformation create-stack \
--capabilities CAPABILITY_NAMED_IAM \
--stack-name <stack_name> \
--template-body <file:///home/user/template_file.yaml> \
--parameters ParameterKey=ExternalID,ParameterValue=<external_id> ParameterKey=RoleName,ParameterValue=<role_name> ParameterKey=PolicyName,ParameterValue=<policy_name>
The instructions below are applicable whether or not the account hosting your ActiveGate is the same as your monitored account. In a typical setup, you need to create two CloudFormation stacks using CloudFormation templates:
-
A CloudFormation stack from the account hosting your ActiveGate, containing the following resources:
-
A role for your Environment ActiveGate hosted in your AWS infrastructure, on an Amazon EC2 host.
- Its attached policy, defining the monitored account permissions.
-
A CloudFormation stack from the monitored account, containing the following resources:
-
A dedicated monitoring role for Dynatrace in your AWS account.
- Its attached policy, defining the Dynatrace authentication permissions to your AWS environment.
To monitor multiple accounts, use the role_based_access_AG_account_multiple_monitoring_roles_template.yml and repeat the Create a role for ActiveGate on the account that hosts ActiveGate steps to create a stack for each monitored account.
You will need:
- An ActiveGate installed on an Amazon EC2 host. It must be able to assume a role within your AWS account that allows it to read the Dynatrace monitoring data.
- The ID of the AWS account that hosts the ActiveGate (the account that hosts your Dynatrace components, which in this case is the one hosting the Environment ActiveGate).
- The Amazon Web Services monitored account ID (the account that you want to monitor).
- The name of the role with which your Environment ActiveGate was started.
-
The External ID, which you can get as follows.
-
Go to Settings > Cloud and virtualization > AWS.
- Select Connect new instance.
- Under Authentication method, select Role-based authentication.
- Under Token, select Copy to copy the token (the External ID) to your clipboard.
Create a role for ActiveGate on the account that hosts ActiveGate
- Download the role_based_access_AG_account_template.yml.
-
Create the stack in your Amazon Console:
-
In your Amazon Console, go to CloudFormation.
- Go to Stacks and create a new stack with new resources.
- Select Template is ready, upload the template you created above, and then select Next.
- In Parameters, for Monitored Account ID, enter the ID of the account Dynatrace will monitor. Optionally, adapt other parameters as needed.
- Enter a name for your stack, and then select Next twice.
- Review your configuration, select I acknowledge that AWS CloudFormation might create IAM resources with custom names, and select Submit.
You can also create a stack via CLI using the command below:
aws cloudformation create-stack \
--capabilities CAPABILITY_NAMED_IAM \
--stack-name <stack_name> \
--template-body <file:///home/user/template_file.yaml> \
--parameters ParameterKey=ActiveGateRoleName,ParameterValue=<role_name> ParameterKey=AssumePolicyName,ParameterValue=<policy_name> ParameterKey=MonitoringRoleName,ParameterValue=<monitoring_role_name> ParameterKey=MonitoredAccountID,ParameterValue=<monitored_account_id>
- Go to the Amazon EC2 console, right-click an instance hosting your Environment ActiveGate, and select Security > Modify IAM role.
- Select the role you created and select Update IAM role.
Create a monitoring role for Dynatrace on your monitored account
After the Dynatrace_ActiveGate_role is created on the account hosting the ActiveGate, create a role for the account to be monitored.
- Download a YAML file with CloudFormation template from role_based_access_monitored_account_template.yml.
-
Create the stack in your Amazon Console:
-
In your Amazon Console, go to CloudFormation.
- Go to Stacks and create a new stack with new resources.
- Select Template is ready, upload the template you created above, and select Next.
- In Parameters, enter External ID, ActiveGateRoleName and ActiveGateAccountID from the stack you created. Optionally, adapt other parameters if needed.
- Enter a name for your stack, and then select Next twice.
- Review your configuration, enable I acknowledge that AWS CloudFormation might create IAM resources with custom names, and select Submit.
You can also create a stack via CLI using the command below:
aws cloudformation create-stack \
--capabilities CAPABILITY_NAMED_IAM \
--stack-name <stack_name> \
--template-body <file:///home/user/template_file.yaml> \
--parameters ParameterKey=ExternalID,ParameterValue=<external_id> ParameterKey=ActiveGateRoleName,ParameterValue=<activegate_role_name> ParameterKey=ActiveGateAccountID,ParameterValue=<activegate_account_id>
Modify ActiveGate configuration
Starting with ActiveGate version 1.217, AWS monitoring is enabled by default. For configuration details, see Customize ActiveGate properties. The following configuration settings refer to earlier ActiveGate versions.
- Edit the
custom.propertiesfile of your Environment ActiveGate. - Make the following property settings:
If the ActiveGate is dedicated to AWS monitoring, you also need to set the MSGrouter property as follows:
3. Save the file and restart the ActiveGate main service.Key-based authentication (AWS GovCloud and AWS China only)
Only for AWS GovCloud and China partitions is key-based authentication allowed.
In this scenario you have to create an AWS monitoring policy and generate a key pair with that policy.
AWS Identity and Access Management (IAM) permission boundaries may deny AWS actions required by Dynatrace. If you use IAM permission boundary on your AWS account, make sure that actions from policy are allowed in all AWS Regions within permission boundary.
To create the AWS monitoring policy
- In your Amazon Console, go to Identity and Access Management.
- Go to Policies and select Create policy.
- Select the JSON tab and paste the predefined policy from the box below.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "VisualEditor0",
"Effect": "Allow",
"Action": [
"acm-pca:ListCertificateAuthorities",
"apigateway:GET",
"apprunner:ListServices",
"appstream:DescribeFleets",
"appsync:ListGraphqlApis",
"athena:ListWorkGroups",
"autoscaling:DescribeAutoScalingGroups",
"cloudformation:ListStackResources",
"cloudfront:ListDistributions",
"cloudhsm:DescribeClusters",
"cloudsearch:DescribeDomains",
"cloudwatch:GetMetricData",
"cloudwatch:GetMetricStatistics",
"cloudwatch:ListMetrics",
"codebuild:ListProjects",
"datasync:ListTasks",
"dax:DescribeClusters",
"directconnect:DescribeConnections",
"dms:DescribeReplicationInstances",
"dynamodb:ListTables",
"dynamodb:ListTagsOfResource",
"ec2:DescribeAvailabilityZones",
"ec2:DescribeInstances",
"ec2:DescribeNatGateways",
"ec2:DescribeSpotFleetRequests",
"ec2:DescribeTransitGateways",
"ec2:DescribeVolumes",
"ec2:DescribeVpnConnections",
"ecs:ListClusters",
"eks:ListClusters",
"elasticache:DescribeCacheClusters",
"elasticbeanstalk:DescribeEnvironmentResources",
"elasticbeanstalk:DescribeEnvironments",
"elasticfilesystem:DescribeFileSystems",
"elasticloadbalancing:DescribeInstanceHealth",
"elasticloadbalancing:DescribeListeners",
"elasticloadbalancing:DescribeLoadBalancers",
"elasticloadbalancing:DescribeRules",
"elasticloadbalancing:DescribeTags",
"elasticloadbalancing:DescribeTargetHealth",
"elasticmapreduce:ListClusters",
"elastictranscoder:ListPipelines",
"es:ListDomainNames",
"events:ListEventBuses",
"firehose:ListDeliveryStreams",
"fsx:DescribeFileSystems",
"gamelift:ListFleets",
"glue:GetJobs",
"inspector:ListAssessmentTemplates",
"kafka:ListClusters",
"kinesis:ListStreams",
"kinesisanalytics:ListApplications",
"kinesisvideo:ListStreams",
"lambda:ListFunctions",
"lambda:ListTags",
"lex:GetBots",
"logs:DescribeLogGroups",
"mediaconnect:ListFlows",
"mediaconvert:DescribeEndpoints",
"mediapackage-vod:ListPackagingConfigurations",
"mediapackage:ListChannels",
"mediatailor:ListPlaybackConfigurations",
"opsworks:DescribeStacks",
"qldb:ListLedgers",
"rds:DescribeDBClusters",
"rds:DescribeDBInstances",
"rds:DescribeEvents",
"rds:ListTagsForResource",
"redshift:DescribeClusters",
"robomaker:ListSimulationJobs",
"route53:ListHostedZones",
"route53resolver:ListResolverEndpoints",
"s3:ListAllMyBuckets",
"sagemaker:ListEndpoints",
"sns:ListTopics",
"sqs:ListQueues",
"storagegateway:ListGateways",
"sts:GetCallerIdentity",
"swf:ListDomains",
"tag:GetResources",
"tag:GetTagKeys",
"transfer:ListServers",
"workmail:ListOrganizations",
"workspaces:DescribeWorkspaces"
],
"Resource": "*"
}
]
}
You'll need to generate an Access key and a Secret access key that Dynatrace can use to get metrics from Amazon Web Services.
- In your Amazon Console, go to Users and select Add Users.
- Enter the User name.
- In the next screen, choose Attach policies directly and attach the policy that you created before.
- Review the user details and select Create user.
- From the list of users, select your newly created user name and go to Security credentials, then select Create access key.
- On Access key best practices & alternatives, select Third-party service, then select Next.
- On Retrieve access keys, store the Access Key ID name (AKID) and Secret access key values.
- You can either download the user credentials or copy the credentials displayed online (select Show).
Alternative: create AWS roles with Terraform
Terraform templates are an alternative way of creating and configuring AWS roles. For detailed instructions on how to create AWS roles with Terraform, see Configuring AWS role-based access with Terraform
Create monitoring configuration¶
You can create, activate, and manage multiple monitoring connections. Each connection is defined by the credentials and/or access tokens required for Dynatrace to be able to pull in the data.
Why configuration is performed per connection
Allowing for multiple connections and configurations makes it possible to monitor even extremely complex environments. With such an approach, you don't need to configure everything at once. Instead, you can gradually add monitoring configurations to your existing setup. Such an architecture also makes it easy to react to the dynamic changes of the monitored environment, without needing to reconfigure the unaffected elements.
- Add a new AWS connection
If you've followed all the prior steps, you're ready to configure Amazon Web Services monitoring.
To add a new AWS connection
- Open
Clouds. - Select Integration manager tab.
-
Learn how to navigate and connect a new instance via Integration manager.
-
AWS cloud services monitored by default
After Dynatrace connects to your AWS environment, it immediately starts monitoring selected AWS services. Classic (formerly 'built-in') AWS metrics metrics Dynatrace collects by default for AWS monitoring.") lists the metrics of AWS cloud services monitored by default.
- Monitor other AWS services
In addition to AWS services, it's also possible to monitor all other AWS cloud services. AWS cloud services are enabled for monitoring per AWS connection.
To add a service to monitoring:
- Go to Settings > Cloud and virtualization > AWS.
- On the AWS overview page, find the connection that you want to change and select Edit
in that row.
- Under Services, select Manage services.
- Select Add service.
- Select the service from the list and then select Add service.
- Select Save changes to save your configuration.
You can add multiple cloud services by repeating the steps above.
Configuration of collected metrics per service
After you add a service, Dynatrace automatically starts collecting a set of metrics for this particular service.
Recommended metrics:
- Enabled by default
- Can not be disabled
- Can come with recommended dimensions (enabled by default, can't be disabled)
- Can come with optional dimensions (disabled by default, can be enabled)
Apart from the recommended metrics, most services have the possibility of enabling optional metrics that can be added and configured manually.
List of AWS cloud services and collected metrics
To see the complete list of AWS cloud services and learn about the metrics collected for each of them, see All AWS cloud services.
Alternatively, you can check the list of supported AWS Services within in-product Dynatrace Hub (search for AWS) or in the web version of Dynatrace Hub.
To add and configure metrics
- Go to Settings > Cloud and virtualization > AWS.
- On the AWS overview page, find the connection that you want to change and select the edit icon next to its name.
- Go to Services and select Manage services.
- To add a metric select the service for which you want to add metrics and select Add new metric.
- From the menu select Add metric for the metric you want to monitor.
- Select Edit to configure the metric.
- Select Apply to save your configuration.
After you select the cloud services and save your changes, monitoring of the newly added services starts automatically.
What's next?¶
Within minutes, you'll see the data on your dashboards.
To see the core measurements per each of the AWS connections
- Go to
AWS Classic. - Select the connection for which you want to see an overview of the AWS infrastructure.
You can also build your own dashboard from the metrics collected for your AWS instances. For details on building dashboards, see Dashboards Classic.
Virtual Machines, containers, and deep code monitoring with Dynatrace OneAgent
Dynatrace OneAgent offers unparalleled depth of insight into hosts, containers, and code. To learn more, see Set up Dynatrace on Amazon Web Services.
Further configuration for notifications and alerts
After you set up AWS monitoring, you can:
- Set up metric events for alerting. This enables you to create, enable, disable and configure recommended alerting rules.
- Limit API calls to AWS using tags. By default, Dynatrace monitors all Amazon Web Services that have been specified in your permission policy. Optionally, you can use tagging to limit the AWS resources that are monitored by Dynatrace.
Integrate CloudWatch Metric Streams
This method of monitoring does not require an ActiveGate. Dynatrace integration with Amazon CloudWatch Metric Streams provides a simple and safe way to ingest AWS metrics. Amazon CloudWatch Metric Streams allows all metrics issued in a given AWS region to be streamed through Kinesis Firehose to the Dynatrace API. For details, see Amazon CloudWatch Metric Streams.
OpenTelemetry and distributed tracing
It is also possible to trace AWS Lambda .NET Core functions with OpenTelemetry .NET.